remove validation of VPC CIDRs from ip rules (aws#1476)

Recent changes in PR aws#1475 removes the VPC CIDR ranges from the ip route rules. Modify the pod networking agent for compatibility with the new changes introduced for symmetric return path.
M00nF1sh · Jun 7, 2021 · d6b3e0d · d6b3e0d
1 parent e4fcefe
commit d6b3e0d
Showing 1 changed file with 7 additions and 19 deletions.
diff --git a/test/agent/cmd/networking/tester/network.go b/test/agent/cmd/networking/tester/network.go
@@ -19,8 +19,6 @@ import (
 	"fmt"
 	"log"
 	"net"
-	"reflect"
-	"sort"
 	"strings"
 
 	"github.com/aws/amazon-vpc-cni-k8s/test/agent/pkg/input"
@@ -38,10 +36,6 @@ func TestNetworkingSetupForRegularPod(podNetworkingValidationInput input.PodNetw
 		log.Fatalf("failed to list ip rules %v", err)
 	}
 
-	// Sort the VPC CIDR Range as it will be compared with the
-	// IP Routes for Pods using Secondary ENI IPv4Address
-	sort.Strings(podNetworkingValidationInput.VPCCidrRange)
-
 	// Do validation for each Pod and if validation fails instead of failing
 	// entire test add errors to a list for all the failing Pods
 	var validationErrors []error
@@ -99,6 +93,7 @@ func TestNetworkingSetupForRegularPod(podNetworkingValidationInput input.PodNetw
 				nonMainTableRules = append(nonMainTableRules, rule)
 			}
 		}
+		log.Printf("mainTableRules %v, nonMainTableRules %v", mainTableRules, nonMainTableRules)
 
 		// Both Pod with IP from Primary and Secondary ENI will have 1 rule for main route table
 		if len(mainTableRules) != 1 {
@@ -141,21 +136,13 @@ func TestNetworkingSetupForRegularPod(podNetworkingValidationInput input.PodNetw
 		// Pod with IP from Secondary ENI will have additional rule for destination to each
 		// VPC Cidr block
 		if pod.IsIPFromSecondaryENI {
-			var destinationCidrRange []string
-			for _, rule := range nonMainTableRules {
-				destinationCidrRange = append(destinationCidrRange, rule.Dst.String())
-				// Add the secondary route table Index, we will do validation later
-				secondaryRouteTableIndex[rule.Table] = true
-			}
-			sort.Strings(destinationCidrRange)
-			// Validate there is one rule for each VPC CIDR Range
-			if !reflect.DeepEqual(destinationCidrRange, podNetworkingValidationInput.VPCCidrRange) {
+			if len(nonMainTableRules) != 1 {
 				validationErrors = append(validationErrors,
-					fmt.Errorf("failed to find route to vpc cidr: %v", destinationCidrRange))
-				continue
+					fmt.Errorf("incorrect number of ip rules to the secondary route tables: %+v",
+						nonMainTableRules))
+			} else {
+				secondaryRouteTableIndex[nonMainTableRules[0].Table] = true
 			}
-			log.Printf("validated all routes for VPC CIDR %v are present for secondary ENI",
-				destinationCidrRange)
 		}
 		log.Printf("validation for pod %s/%s succeeded", pod.PodNamespace, pod.PodName)
 	}
@@ -185,6 +172,7 @@ func TestNetworkingSetupForRegularPod(podNetworkingValidationInput input.PodNetw
 		}
 		log.Printf("validated route table for secondary ENI %d has right routes", index)
 	}
+  // TODO: validate iptables rules get setup correctly
 
 	return validationErrors
 }