diff --git a/cmd/edenNetwork.go b/cmd/edenNetwork.go index e522d0be8..ef421390c 100644 --- a/cmd/edenNetwork.go +++ b/cmd/edenNetwork.go @@ -93,6 +93,7 @@ func newNetworkNetstatCmd() *cobra.Command { func newNetworkCreateCmd() *cobra.Command { var networkType, networkName, uplinkAdapter string var staticDNSEntries []string + var enableFlowlog bool //networkCreateCmd is command for create network instance in EVE var networkCreateCmd = &cobra.Command{ @@ -104,7 +105,8 @@ func newNetworkCreateCmd() *cobra.Command { if len(args) == 1 { subnet = args[0] } - if err := openEVEC.NetworkCreate(subnet, networkType, networkName, uplinkAdapter, staticDNSEntries); err != nil { + if err := openEVEC.NetworkCreate(subnet, networkType, networkName, uplinkAdapter, + staticDNSEntries, enableFlowlog); err != nil { log.Fatal(err) } }, @@ -114,6 +116,7 @@ func newNetworkCreateCmd() *cobra.Command { networkCreateCmd.Flags().StringVarP(&networkName, "name", "n", "", "Name of network (empty for auto generation)") networkCreateCmd.Flags().StringVarP(&uplinkAdapter, "uplink", "u", "eth0", "Name of uplink adapter, set to 'none' to not use uplink") networkCreateCmd.Flags().StringArrayVarP(&staticDNSEntries, "static-dns-entries", "s", []string{}, "List of static DNS entries in format HOSTNAME:IP_ADDR,IP_ADDR,...") + networkCreateCmd.Flags().BoolVar(&enableFlowlog, "enable-flowlog", false, "enable flow logging (EVE collecting and publishing records of application network flows)") return networkCreateCmd } diff --git a/pkg/expect/networkInstance.go b/pkg/expect/networkInstance.go index bff4629d1..df3198735 100644 --- a/pkg/expect/networkInstance.go +++ b/pkg/expect/networkInstance.go @@ -25,6 +25,7 @@ type NetInstanceExpectation struct { netInstType string uplinkAdapter string staticDNSEntries map[string][]string + enableFlowlog bool } // checkNetworkInstance checks if provided netInst match expectation 
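Review bot: The new `--enable-flowlog` help text starts lowercase and reads as a fragment, while the sibling flags registered on the same lines use sentence-case descriptions (`"Name of network …"`, `"List of static DNS entries …"`), so the `--help` output will look inconsistent. This is also the only user-facing place the setting is documented, so it should say what the default is and that the records are published off the device. Suggest `networkCreateCmd.Flags().BoolVar(&enableFlowlog, "enable-flowlog", false, "Enable flow logging (EVE collects and publishes records of application network flows; off by default)")`. The function newNetworkCreateCmd starts before this hunk.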
@@ -60,12 +61,13 @@ func (exp *AppExpectation) createNetworkInstance(instanceExpect *NetInstanceExpe Uuid: id.String(), Version: "1", }, - InstType: config.ZNetworkInstType_ZnetInstLocal, //we use local networks for now - Activate: true, - Port: adapter, - Cfg: &config.NetworkInstanceOpaqueConfig{}, - IpType: config.AddressType_IPV4, - Ip: &config.Ipspec{}, + InstType: config.ZNetworkInstType_ZnetInstLocal, //we use local networks for now + Activate: true, + Port: adapter, + Cfg: &config.NetworkInstanceOpaqueConfig{}, + IpType: config.AddressType_IPV4, + Ip: &config.Ipspec{}, + DisableFlowlog: !instanceExpect.enableFlowlog, } if instanceExpect.netInstType == "switch" { netInst.InstType = config.ZNetworkInstType_ZnetInstSwitch diff --git a/pkg/expect/options.go b/pkg/expect/options.go index a217ce7e3..3b80722bb 100644 --- a/pkg/expect/options.go +++ b/pkg/expect/options.go @@ -163,6 +163,18 @@ func WithStaticDNSEntries(networkName string, dnsEntries []string) ExpectationOp } } +// WithFlowlog enables flow logging for the given network instance. +func WithFlowlog(networkName string) ExpectationOption { + return func(expectation *AppExpectation) { + for _, netInstance := range expectation.netInstances { + if netInstance.name != networkName { + continue + } + netInstance.enableFlowlog = true + } + } +} + // WithDiskSize set disk size for created app (equals with image size if not defined) func WithDiskSize(diskSizeBytes int64) ExpectationOption { return func(expectation *AppExpectation) { diff --git a/pkg/openevec/edenNetwork.go b/pkg/openevec/edenNetwork.go index 49761aa4d..97748352d 100644 --- a/pkg/openevec/edenNetwork.go +++ b/pkg/openevec/edenNetwork.go 
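Review bot: `DisableFlowlog: !instanceExpect.enableFlowlog` flips the default for every network instance built by createNetworkInstance, not only those created through the new CLI flag: the removed lines left DisableFlowlog at its zero value (false), so flow logging was on by default, and after this hunk it is off unless WithFlowlog was applied to that expectation. Any other caller that builds network instances through this function will silently stop producing flow records; if that is intended it belongs in the commit message, and if not the field should only be set when the expectation was explicitly configured. At minimum add a line above it: `// DisableFlowlog is inverted relative to the expectation: the proto default is flow logging on, so an unset expectation now turns it off.` createNetworkInstance starts before and continues past this hunk.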
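Review bot: WithFlowlog writes `netInstance.enableFlowlog = true` through the range variable, which only reaches the expectation if `expectation.netInstances` holds pointers; if it is a slice of NetInstanceExpectation values the loop mutates a copy and the option is a silent no-op. The sibling WithStaticDNSEntries presumably uses the same shape, so this is worth confirming once, but an index-based write, `for i := range expectation.netInstances { if expectation.netInstances[i].name == networkName { expectation.netInstances[i].enableFlowlog = true } }`, is correct either way. As with the sibling, a networkName that matches nothing is ignored without any signal, so the caller cannot tell the flag was dropped.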
@@ -93,7 +93,8 @@ func (openEVEC *OpenEVEC) NetworkNetstat(niName string, outputFormat types.Outpu return nil } -func (openEVEC *OpenEVEC) NetworkCreate(subnet, networkType, networkName, uplinkAdapter string, staticDNSEntries []string) error { +func (openEVEC *OpenEVEC) NetworkCreate(subnet, networkType, networkName, uplinkAdapter string, + staticDNSEntries []string, enableFlowlog bool) error { if networkType != "local" && networkType != "switch" { return fmt.Errorf("network type %s not supported now", networkType) } @@ -108,6 +109,9 @@ func (openEVEC *OpenEVEC) NetworkCreate(subnet, networkType, networkName, uplink var opts []expect.ExpectationOption opts = append(opts, expect.AddNetInstanceAndPortPublish(subnet, networkType, networkName, nil, uplinkAdapter)) opts = append(opts, expect.WithStaticDNSEntries(networkName, staticDNSEntries)) + if enableFlowlog { + opts = append(opts, expect.WithFlowlog(networkName)) + } expectation := expect.AppExpectationFromURL(ctrl, dev, defaults.DefaultDummyExpect, "", opts...) netInstancesConfigs := expectation.NetworkInstances() mainloop: diff --git a/tests/eclient/testdata/acl.txt b/tests/eclient/testdata/acl.txt index b6e522681..86f41a92d 100644 --- a/tests/eclient/testdata/acl.txt +++ b/tests/eclient/testdata/acl.txt @@ -1,4 +1,4 @@ -# Test particular host access +# Test application ACLs {{define "ssh"}}ssh -o ConnectTimeout=10 -o StrictHostKeyChecking=no -o PasswordAuthentication=no -i {{EdenConfig "eden.tests"}}/eclient/image/cert/id_rsa root@FWD_IP -p FWD_PORT{{end}} @@ -12,6 +12,13 @@ {{define "eclient_image"}}docker://{{EdenConfig "eden.eclient.image"}}:{{EdenConfig "eden.eclient.tag"}}{{end}} +{{$flowlog := EdenGetEnv "EDEN_FLOWLOG"}} +{{$flowlog_opt := ""}} +{{if (eq $flowlog "y")}} +{{$flowlog_opt = "--enable-flowlog"}} +{{end}} + + [!exec:bash] stop [!exec:sleep] stop [!exec:ssh] stop 
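Review bot: `--enable-flowlog` is silently dropped when the network name is left empty for auto-generation: WithFlowlog matches instances on `networkName`, and if AddNetInstanceAndPortPublish assigns a generated name for an empty one the lookup never matches, so the instance is created with DisableFlowlog set and no error is returned (the same gap already exists for WithStaticDNSEntries). Either reject the combination before building the options, `if enableFlowlog && networkName == "" { return fmt.Errorf("--enable-flowlog requires an explicit network name (-n)") }`, or pass the flag into AddNetInstanceAndPortPublish so it applies to the instance it just appended regardless of name. NetworkCreate continues past this hunk.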
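Review bot: The new `$flowlog` block has no explanation of what it controls or what happens when EDEN_FLOWLOG is unset: any value other than "y", including running the acl script directly without `--args`, now creates the network without flow logging and, further down, skips the netstat assertions, so the test quietly loses coverage. Following the convention networking.tests.txt uses for EDEN_TEST_SETUP, add above the block `# EDEN_FLOWLOG env. var. -- "y" creates the network with --enable-flowlog and verifies flow records via netstat; any other value (or unset) skips those checks.`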
@@ -32,7 +39,7 @@ exec -t 10m bash dns_lookup.sh zededa.com source .env # Create network for which ACLs will be defined. -eden network create 10.11.12.0/24 -n {{$network_name}} -s {{$fake_domain}}:$host_ip +eden network create 10.11.12.0/24 -n {{$network_name}} {{$flowlog_opt}} -s {{$fake_domain}}:$host_ip test eden.network.test -test.v -timewait 10m ACTIVATED {{$network_name}} # First app is only allowed to access github.com and $long_domain. @@ -75,6 +82,7 @@ stderr 'Connected to {{$long_domain}}' ! exec -t 1m bash curl.sh 2224 google.com ! stderr 'Connected' +{{if (eq $flowlog "y")}} # Wait for network packets information exec -t 10m bash wait_netstat.sh curl-acl1 google.com github.com {{$long_domain}} {{$fake_domain}} stdout 'google.com' @@ -88,6 +96,7 @@ stdout 'github.com' stdout '{{$long_domain}}' ! stdout '{{$fake_domain}}' stdout 'ieee.org' +{{end}} # Cleanup - undeploy applications eden pod delete curl-acl1 diff --git a/tests/escript/escript_test.go b/tests/escript/escript_test.go index b2b1842f8..aefb60a39 100644 --- a/tests/escript/escript_test.go +++ b/tests/escript/escript_test.go @@ -31,6 +31,9 @@ func TestEdenScripts(t *testing.T) { split := strings.SplitN(fl, "=", 2) if len(split) == 2 { flagsParsed[strings.TrimSpace(split[0])] = strings.TrimSpace(split[1]) + // Also store the key=value argument into the environment variables so that + // it can be used with EdenGetEnv inside Go templates. + os.Setenv(split[0], split[1]) } } diff --git a/tests/workflow/networking.tests.txt b/tests/workflow/networking.tests.txt index 1508cae54..52c4056cb 100644 --- a/tests/workflow/networking.tests.txt +++ b/tests/workflow/networking.tests.txt @@ -1,5 +1,5 @@ # Number of tests -{{$tests := 13}} +{{$tests := 14}} # EDEN_TEST_SETUP env. var. -- "y"(default) performs the EDEN setup steps {{$setup := "y"}} {{$setup_env := EdenGetEnv "EDEN_TEST_SETUP"}} 
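Review bot: `os.Setenv(split[0], split[1])` exports the raw, untrimmed key and value while `flagsParsed` stores the trimmed ones, so `--args="EDEN_FLOWLOG = y"` sets a variable literally named `EDEN_FLOWLOG ` that EdenGetEnv never finds; the error return is also discarded, which errcheck will flag. Use the same trimmed pair and check the result, `if err := os.Setenv(key, val); err != nil { t.Fatalf("setenv %q: %v", key, err) }`, or `t.Setenv(key, val)` which also restores the variable after the test (needs Go 1.17+ and no t.Parallel here). Bear in mind that anything passed via --args becomes environment for the whole test process and every eden or shell command the scripts spawn, so names like PATH or HOME should probably be rejected, or the pass-through documented as intentional. The enclosing loop in TestEdenScripts starts before this hunk.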
@@ -35,22 +35,25 @@ eden.escript.test -test.run TestEdenScripts/template_check /bin/echo Eden basic network test (5/{{$tests}}) eden.escript.test -testdata ../network/testdata/ -test.run TestEdenScripts/network_test -/bin/echo Eden ACL to particular host (6/{{$tests}}) -eden.escript.test -testdata ../eclient/testdata/ -test.run TestEdenScripts/acl -/bin/echo Eden Network light (7/{{$tests}}) +/bin/echo Eden ACLs without flow logging (6/{{$tests}}) +eden.escript.test -testdata ../eclient/testdata/ -test.run TestEdenScripts/acl --args="EDEN_FLOWLOG=n" +/bin/echo Eden ACLs with flow logging (7/{{$tests}}) +eden.escript.test -testdata ../eclient/testdata/ -test.run TestEdenScripts/acl --args="EDEN_FLOWLOG=y" + +/bin/echo Eden Network light (8/{{$tests}}) eden.escript.test -testdata ../eclient/testdata/ -test.run TestEdenScripts/networking_light -/bin/echo Eden Networks switch (8/{{$tests}}) +/bin/echo Eden Networks switch (9/{{$tests}}) eden.escript.test -testdata ../eclient/testdata/ -test.run TestEdenScripts/nw_switch -/bin/echo Eden Network Ports switch (9/{{$tests}}) +/bin/echo Eden Network Ports switch (10/{{$tests}}) eden.escript.test -testdata ../eclient/testdata/ -test.run TestEdenScripts/port_switch -/bin/echo Eden Network portmap test (10/{{$tests}}) +/bin/echo Eden Network portmap test (11/{{$tests}}) eden.escript.test -testdata ../eclient/testdata/ -test.run TestEdenScripts/port_forward -/bin/echo Eden Test DNS service provided to applications (11/{{$tests}}) +/bin/echo Eden Test DNS service provided to applications (12/{{$tests}}) eden.escript.test -testdata ../eclient/testdata/ -test.run TestEdenScripts/app_dns -/bin/echo Eden Nginx (12/{{$tests}}) +/bin/echo Eden Nginx (13/{{$tests}}) eden.escript.test -testdata ../eclient/testdata/ -test.run TestEdenScripts/nginx -/bin/echo Testing quick replace of network instances (13/{{$tests}}) +/bin/echo Testing quick replace of network instances (14/{{$tests}}) eden.escript.test -testdata ../network/testdata/ 
-test.run TestEdenScripts/network_replace_test