Conformance: Improve test reliability

conformance/tests/admin-network-policy-experimental-egress-rules.go

@@ -17,14 +17,8 @@ limitations under the License.
 package tests
 
 import (
-	"context"
 	"testing"
 
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-	v1 "k8s.io/api/core/v1"
-	"sigs.k8s.io/controller-runtime/pkg/client"
-
 	api "sigs.k8s.io/network-policy-api/apis/v1alpha2"
 	"sigs.k8s.io/network-policy-api/conformance/utils/kubernetes"
 	"sigs.k8s.io/network-policy-api/conformance/utils/suite"
@@ -48,21 +42,10 @@ var CNPAdminTierEgressNamedPort = suite.ConformanceTest{
 	Test: func(t *testing.T, s *suite.ConformanceTestSuite) {
 
 		t.Run("Should support an 'allow-egress' policy for named port", func(t *testing.T) {
-			ctx, cancel := context.WithTimeout(context.Background(), s.TimeoutConfig.GetTimeout)
-			defer cancel()
 			// This test uses `egress-tcp` admin CNP
 			// cedric-diggory-1 is our server pod in hufflepuff namespace
-			serverPod := &v1.Pod{}
-			err := s.Client.Get(ctx, client.ObjectKey{
-				Namespace: "network-policy-conformance-hufflepuff",
-				Name:      "cedric-diggory-1",
-			}, serverPod)
-			require.NoErrorf(t, err, "unable to fetch the server pod")
-			cnp := &api.ClusterNetworkPolicy{}
-			err = s.Client.Get(ctx, client.ObjectKey{
-				Name: "egress-tcp",
-			}, cnp)
-			require.NoErrorf(t, err, "unable to fetch the cluster network policy")
+			serverPod := kubernetes.GetPod(t, s.Client, "network-policy-conformance-hufflepuff", "cedric-diggory-1", s.TimeoutConfig.GetTimeout)
+			cnp := kubernetes.GetClusterNetworkPolicy(t, s.Client, "egress-tcp", s.TimeoutConfig.GetTimeout)
 			mutate := cnp.DeepCopy()
 			namedPortRule := mutate.Spec.Egress[5]
 			webPort := "web"
@@ -73,21 +56,17 @@ var CNPAdminTierEgressNamedPort = suite.ConformanceTest{
 				},
 			}
 			mutate.Spec.Egress[5] = namedPortRule
-			err = s.Client.Patch(ctx, mutate, client.MergeFrom(cnp))
-			require.NoErrorf(t, err, "unable to patch the cluster network policy")
+			kubernetes.PatchClusterNetworkPolicy(t, s.Client, cnp, mutate, s.TimeoutConfig.GetTimeout)
 			// harry-potter-0 is our client pod in gryffindor namespace
 			// ensure egress is ALLOWED to hufflepuff from gryffindor at the web port, which is defined as TCP at port 80 in pod spec
 			// egressRule at index5 should take effect
-			success := kubernetes.PokeServer(t, s.ClientSet, &s.KubeConfig, "network-policy-conformance-gryffindor", "harry-potter-0", "tcp",
-				serverPod.Status.PodIP, int32(80), s.TimeoutConfig.RequestTimeout, true)
-			assert.True(t, success)
+			kubernetes.PokeServer(t, s.ClientSet, &s.KubeConfig, "network-policy-conformance-gryffindor", "harry-potter-0", "tcp",
+				serverPod.Status.PodIP, int32(80), s.TimeoutConfig, true)
 			// harry-potter-1 is our client pod in gryffindor namespace
 			// ensure egress is DENIED to hufflepuff from gryffindor for rest of the traffic; egressRule at index6 should take effect
-			success = kubernetes.PokeServer(t, s.ClientSet, &s.KubeConfig, "network-policy-conformance-gryffindor", "harry-potter-1", "tcp",
-				serverPod.Status.PodIP, int32(8080), s.TimeoutConfig.RequestTimeout, false)
-			assert.True(t, success)
+			kubernetes.PokeServer(t, s.ClientSet, &s.KubeConfig, "network-policy-conformance-gryffindor", "harry-potter-1", "tcp",
+				serverPod.Status.PodIP, int32(8080), s.TimeoutConfig, false)
 		})
-
 	},
 }
 
@@ -100,44 +79,32 @@ var CNPAdminTierEgressNodePeers = suite.ConformanceTest{
 	},
 	Manifests: []string{"base/admin_tier/experimental-egress-selector-rules.yaml"},
 	Test: func(t *testing.T, s *suite.ConformanceTestSuite) {
-		ctx, cancel := context.WithTimeout(context.Background(), s.TimeoutConfig.GetTimeout)
-		defer cancel()
 		// This test uses `node-and-cidr-as-peers-example` admin CNP
 		// centaur-1 is our server host-networked pod in forbidden-forrest namespace
-		serverPod := &v1.Pod{}
-		err := s.Client.Get(ctx, client.ObjectKey{
-			Namespace: "network-policy-conformance-forbidden-forrest",
-			Name:      "centaur-1",
-		}, serverPod)
-		require.NoErrorf(t, err, "unable to fetch the server pod")
+		serverPod := kubernetes.GetPod(t, s.Client, "network-policy-conformance-forbidden-forrest", "centaur-1", s.TimeoutConfig.GetTimeout)
 		t.Run("Should support an 'allow-egress' rule policy for egress-node-peer", func(t *testing.T) {
 			// harry-potter-1 is our client pod in gryffindor namespace
 			// ensure egress is ALLOWED to forbidden-forrest from gryffindor at the s.HostNetworkPorts[0] TCP port
 			// egressRule at index0 should take effect
-			success := kubernetes.PokeServer(t, s.ClientSet, &s.KubeConfig, "network-policy-conformance-gryffindor", "harry-potter-1", "tcp",
-				serverPod.Status.PodIP, int32(s.HostNetworkPorts[0]), s.TimeoutConfig.RequestTimeout, true)
-			assert.True(t, success)
+			kubernetes.PokeServer(t, s.ClientSet, &s.KubeConfig, "network-policy-conformance-gryffindor", "harry-potter-1", "tcp",
+				serverPod.Status.PodIP, int32(s.HostNetworkPorts[0]), s.TimeoutConfig, true)
 		})
 		t.Run("Should support a 'pass-egress' rule policy for egress-node-peer", func(t *testing.T) {
 			// harry-potter-1 is our client pod in gryffindor namespace
 			// ensure egress is PASSED to forbidden-forrest from gryffindor at the s.HostNetworkPorts[2] UDP port
 			// egressRule at index1 should take effect
-			success := kubernetes.PokeServer(t, s.ClientSet, &s.KubeConfig, "network-policy-conformance-gryffindor", "harry-potter-1", "udp",
-				serverPod.Status.PodIP, int32(s.HostNetworkPorts[2]), s.TimeoutConfig.RequestTimeout, true) // Pass rule at index2 takes effect
-			assert.True(t, success)
+			kubernetes.PokeServer(t, s.ClientSet, &s.KubeConfig, "network-policy-conformance-gryffindor", "harry-potter-1", "udp",
+				serverPod.Status.PodIP, int32(s.HostNetworkPorts[2]), s.TimeoutConfig, true) // Pass rule at index2 takes effect
 		})
 		t.Run("Should support a 'deny-egress' rule policy for egress-node-peer", func(t *testing.T) {
 			// harry-potter-1 is our client pod in gryffindor namespace
 			// ensure egress is DENIED to rest of the nodes from gryffindor; egressRule at index2 should take effect
-			success := kubernetes.PokeServer(t, s.ClientSet, &s.KubeConfig, "network-policy-conformance-gryffindor", "harry-potter-1", "tcp",
-				serverPod.Status.PodIP, int32(s.HostNetworkPorts[1]), s.TimeoutConfig.RequestTimeout, false)
-			assert.True(t, success)
-			success = kubernetes.PokeServer(t, s.ClientSet, &s.KubeConfig, "network-policy-conformance-gryffindor", "harry-potter-1", "udp",
-				serverPod.Status.PodIP, int32(s.HostNetworkPorts[4]), s.TimeoutConfig.RequestTimeout, false)
-			assert.True(t, success)
-			success = kubernetes.PokeServer(t, s.ClientSet, &s.KubeConfig, "network-policy-conformance-gryffindor", "harry-potter-1", "sctp",
-				serverPod.Status.PodIP, int32(s.HostNetworkPorts[6]), s.TimeoutConfig.RequestTimeout, false)
-			assert.True(t, success)
+			kubernetes.PokeServer(t, s.ClientSet, &s.KubeConfig, "network-policy-conformance-gryffindor", "harry-potter-1", "tcp",
+				serverPod.Status.PodIP, int32(s.HostNetworkPorts[1]), s.TimeoutConfig, false)
+			kubernetes.PokeServer(t, s.ClientSet, &s.KubeConfig, "network-policy-conformance-gryffindor", "harry-potter-1", "udp",
+				serverPod.Status.PodIP, int32(s.HostNetworkPorts[4]), s.TimeoutConfig, false)
+			kubernetes.PokeServer(t, s.ClientSet, &s.KubeConfig, "network-policy-conformance-gryffindor", "harry-potter-1", "sctp",
+				serverPod.Status.PodIP, int32(s.HostNetworkPorts[6]), s.TimeoutConfig, false)
 		})
 	},
 }

conformance/tests/admin-network-policy-experimental-ingress-rules.go

@@ -17,14 +17,8 @@ limitations under the License.
 package tests
 
 import (
-	"context"
 	"testing"
 
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-	v1 "k8s.io/api/core/v1"
-	"sigs.k8s.io/controller-runtime/pkg/client"
-
 	api "sigs.k8s.io/network-policy-api/apis/v1alpha2"
 	"sigs.k8s.io/network-policy-api/conformance/utils/kubernetes"
 	"sigs.k8s.io/network-policy-api/conformance/utils/suite"
@@ -41,21 +35,10 @@ var CNPAdminTierIngressNamedPort = suite.ConformanceTest{
 	Test: func(t *testing.T, s *suite.ConformanceTestSuite) {
 
 		t.Run("Should support an 'allow-ingress' policy for named port", func(t *testing.T) {
-			ctx, cancel := context.WithTimeout(context.Background(), s.TimeoutConfig.GetTimeout)
-			defer cancel()
 			// This test uses `ingress-udp` admin CNP
 			// cedric-diggory-1 is our server pod in hufflepuff namespace
-			serverPod := &v1.Pod{}
-			err := s.Client.Get(ctx, client.ObjectKey{
-				Namespace: "network-policy-conformance-hufflepuff",
-				Name:      "cedric-diggory-1",
-			}, serverPod)
-			require.NoErrorf(t, err, "unable to fetch the server pod")
-			cnp := &api.ClusterNetworkPolicy{}
-			err = s.Client.Get(ctx, client.ObjectKey{
-				Name: "ingress-udp",
-			}, cnp)
-			require.NoErrorf(t, err, "unable to fetch the cluster network policy")
+			serverPod := kubernetes.GetPod(t, s.Client, "network-policy-conformance-hufflepuff", "cedric-diggory-1", s.TimeoutConfig.GetTimeout)
+			cnp := kubernetes.GetClusterNetworkPolicy(t, s.Client, "ingress-udp", s.TimeoutConfig.GetTimeout)
 			mutate := cnp.DeepCopy()
 			dnsPortRule := mutate.DeepCopy().Spec.Ingress[5]
 			dnsPort := "dns"
@@ -66,19 +49,16 @@ var CNPAdminTierIngressNamedPort = suite.ConformanceTest{
 				},
 			}
 			mutate.Spec.Ingress[5] = dnsPortRule
-			err = s.Client.Patch(ctx, mutate, client.MergeFrom(cnp))
-			require.NoErrorf(t, err, "unable to patch the cluster network policy")
+			kubernetes.PatchClusterNetworkPolicy(t, s.Client, cnp, mutate, s.TimeoutConfig.GetTimeout)
 			// harry-potter-0 is our client pod in gryffindor namespace
 			// ensure ingress is ALLOWED from gryffindor to hufflepuff at the dns port, which is defined as UDP at port 53 in pod spec
 			// modified ingressRule at index5 should take effect
-			success := kubernetes.PokeServer(t, s.ClientSet, &s.KubeConfig, "network-policy-conformance-gryffindor", "harry-potter-0", "udp",
-				serverPod.Status.PodIP, int32(53), s.TimeoutConfig.RequestTimeout, true)
-			assert.True(t, success)
+			kubernetes.PokeServer(t, s.ClientSet, &s.KubeConfig, "network-policy-conformance-gryffindor", "harry-potter-0", "udp",
+				serverPod.Status.PodIP, int32(53), s.TimeoutConfig, true)
 			// harry-potter-1 is our client pod in gryfindor namespace
 			// ensure ingress is DENIED from gryffindor to hufflepuff for rest of the traffic; ingressRule at index6 should take effect
-			success = kubernetes.PokeServer(t, s.ClientSet, &s.KubeConfig, "network-policy-conformance-gryffindor", "harry-potter-1", "udp",
-				serverPod.Status.PodIP, int32(5353), s.TimeoutConfig.RequestTimeout, false)
-			assert.True(t, success)
+			kubernetes.PokeServer(t, s.ClientSet, &s.KubeConfig, "network-policy-conformance-gryffindor", "harry-potter-1", "udp",
+				serverPod.Status.PodIP, int32(5353), s.TimeoutConfig, false)
 		})
 	},
 }