From 771c4e3061176adbfda4368ea2371cb1a3d31058 Mon Sep 17 00:00:00 2001
From: Patryk Matuszak <305846+pmtk@users.noreply.github.com>
Date: Thu, 14 Mar 2024 11:34:39 +0100
Subject: [PATCH] USHIFT-2229: Test Multus - ipvlan CNI

---
 test/assets/multus-network.xml                |  9 ++++++
 test/assets/multus/ipvlan-nad.yaml            | 20 +++++++++++++
 test/assets/multus/ipvlan-pod.yaml            | 28 +++++++++++++++++++
 test/bin/common.sh                            |  4 +++
 test/bin/manage_hypervisor_config.sh          | 14 +++++++++-
 test/scenarios-periodics/el92-src@optional.sh |  8 +++++-
 test/suites/optional/multus.robot             | 18 +++++++++++-
 7 files changed, 98 insertions(+), 3 deletions(-)
 create mode 100644 test/assets/multus-network.xml
 create mode 100644 test/assets/multus/ipvlan-nad.yaml
 create mode 100644 test/assets/multus/ipvlan-pod.yaml

diff --git a/test/assets/multus-network.xml b/test/assets/multus-network.xml
new file mode 100644
index 0000000000..7c7491eb54
--- /dev/null
+++ b/test/assets/multus-network.xml
@@ -0,0 +1,9 @@
+<network>
+  <name>${VM_MULTUS_NETWORK}</name>
+  <forward mode='nat'/>
+  <ip address='192.168.112.1' netmask='255.255.255.0' localPtr='yes'>
+    <dhcp>
+      <range start='192.168.112.100' end='192.168.112.254'/>
+    </dhcp>
+  </ip>
+</network>
diff --git a/test/assets/multus/ipvlan-nad.yaml b/test/assets/multus/ipvlan-nad.yaml
new file mode 100644
index 0000000000..b1188c5916
--- /dev/null
+++ b/test/assets/multus/ipvlan-nad.yaml
@@ -0,0 +1,20 @@
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+  name: ipvlan-conf
+spec:
+  config: '{
+      "cniVersion": "0.4.0",
+      "name": "test",
+      "type": "ipvlan",
+      "master": "enp2s0",
+      "mode": "l2",
+      "ipam": {
+        "type": "static",
+        "addresses": [
+          {
+            "address": "192.168.112.2/24"
+          }
+        ]
+      }
+    }'
diff --git a/test/assets/multus/ipvlan-pod.yaml b/test/assets/multus/ipvlan-pod.yaml
new file mode 100644
index 0000000000..9e416f648e
--- /dev/null
+++ b/test/assets/multus/ipvlan-pod.yaml
@@ -0,0 +1,28 @@
+kind: Pod
+apiVersion: v1
+metadata:
+  name: test-ipvlan
+  annotations:
+    k8s.v1.cni.cncf.io/networks: ipvlan-conf
+  labels:
+    app: test-ipvlan
+spec:
+  terminationGracePeriodSeconds: 0
+  containers:
+  - name: hello-microshift
+    image: quay.io/microshift/busybox:1.36
+    command: ["/bin/sh"]
+    args: ["-c", "while true; do echo -ne \"HTTP/1.0 200 OK\r\nContent-Length: 16\r\n\r\nHello MicroShift\" | nc -l -p 8080 ; done"]
+    ports:
+    - containerPort: 8080
+      protocol: TCP
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        drop:
+        - ALL
+      runAsNonRoot: true
+      runAsUser: 1001
+      runAsGroup: 1001
+      seccompProfile:
+        type: RuntimeDefault
diff --git a/test/bin/common.sh b/test/bin/common.sh
index ee5d5739c0..d9a58e078c 100644
--- a/test/bin/common.sh
+++ b/test/bin/common.sh
@@ -36,6 +36,10 @@ VM_DISK_BASEDIR="${IMAGEDIR}/${VM_POOL_BASENAME}"
 # shellcheck disable=SC2034  # used elsewhere
 export VM_ISOLATED_NETWORK="isolated"
 
+# Libvirt network for Multus tests
+# shellcheck disable=SC2034  # used elsewhere
+export VM_MULTUS_NETWORK="multus"
+
 # Location of RPMs built from source
 # shellcheck disable=SC2034  # used elsewhere
 RPM_SOURCE="${OUTPUTDIR}/rpmbuild"
diff --git a/test/bin/manage_hypervisor_config.sh b/test/bin/manage_hypervisor_config.sh
index c3ae5792ec..1721631c84 100755
--- a/test/bin/manage_hypervisor_config.sh
+++ b/test/bin/manage_hypervisor_config.sh
@@ -28,7 +28,7 @@ firewall_settings() {
 
     sudo firewall-cmd --permanent --zone=libvirt "--${action}-service=mdns"
 
-    for netname in default "${VM_ISOLATED_NETWORK}" ; do
+    for netname in default "${VM_ISOLATED_NETWORK}" "${VM_MULTUS_NETWORK}" ; do
         if ! sudo virsh net-info "${netname}" &>/dev/null ; then
             continue
         fi
@@ -67,6 +67,18 @@ action_create() {
         sudo virsh net-autostart "${VM_ISOLATED_NETWORK}"
     fi
 
+    if ! sudo sudo virsh net-info "${VM_MULTUS_NETWORK}" &>/dev/null ; then
+        local -r multus_netconfig_tmpl="${SCRIPTDIR}/../assets/multus-network.xml"
+        local -r multus_netconfig_file="${IMAGEDIR}/infra/multus-network.xml"
+
+        mkdir -p "$(dirname "${multus_netconfig_file}")"
+        envsubst <"${multus_netconfig_tmpl}" >"${multus_netconfig_file}"
+
+        sudo virsh net-define    "${multus_netconfig_file}"
+        sudo virsh net-start     "${VM_MULTUS_NETWORK}"
+        sudo virsh net-autostart "${VM_MULTUS_NETWORK}"
+    fi
+
     # Firewall
     firewall_settings "add"
 }
diff --git a/test/scenarios-periodics/el92-src@optional.sh b/test/scenarios-periodics/el92-src@optional.sh
index 9f527b3d5a..b7f615b3a6 100644
--- a/test/scenarios-periodics/el92-src@optional.sh
+++ b/test/scenarios-periodics/el92-src@optional.sh
@@ -2,9 +2,15 @@
 
 # Sourced from scenario.sh and uses functions defined there.
 
+# Redefine network-related settings to use the dedicated network bridge
+VM_BRIDGE_IP="$(get_vm_bridge_ip "${VM_MULTUS_NETWORK}")"
+# shellcheck disable=SC2034  # used elsewhere
+WEB_SERVER_URL="http://${VM_BRIDGE_IP}:${WEB_SERVER_PORT}"
+
 scenario_create_vms() {
     prepare_kickstart host1 kickstart.ks.template rhel-9.2-microshift-source-optionals
-    launch_vm host1
+    # Two nics - one for macvlan, another for ipvlan (they cannot enslave the same interface)
+    launch_vm host1 "" "${VM_MULTUS_NETWORK}" "" "" "" 2
 }
 
 scenario_remove_vms() {
diff --git a/test/suites/optional/multus.robot b/test/suites/optional/multus.robot
index 2518df7214..734f23aa13 100644
--- a/test/suites/optional/multus.robot
+++ b/test/suites/optional/multus.robot
@@ -25,6 +25,10 @@ ${MACVLAN_NAD_YAML}         ./assets/multus/macvlan-nad.yaml
 ${MACVLAN_POD_YAML}         ./assets/multus/macvlan-pod.yaml
 ${MACVLAN_POD_NAME}         test-macvlan
 
+${IPVLAN_NAD_YAML}          ./assets/multus/ipvlan-nad.yaml
+${IPVLAN_POD_YAML}          ./assets/multus/ipvlan-pod.yaml
+${IPVLAN_POD_NAME}          test-ipvlan
+
 
 *** Test Cases ***
 Pre-Existing Bridge Interface
@@ -83,6 +87,18 @@ Macvlan
 
     [Teardown]    Remove NAD And Pod    ${MACVLAN_NAD_YAML}    ${MACVLAN_POD_YAML}
 
+Ipvlan
+    [Documentation]    Tests if Pod with ipvlan plugin interface is accessible
+    ...    from outside the MicroShift host.
+    [Setup]    Run Keywords
+    ...    Create NAD And Pod    ${IPVLAN_NAD_YAML}    ${IPVLAN_POD_YAML}
+    ...    AND
+    ...    Named Pod Should Be Ready    ${IPVLAN_POD_NAME}    ${NAMESPACE}
+
+    Connect To Pod From The Hypervisor    ${IPVLAN_POD_NAME}    ${NAMESPACE}    ${NAMESPACE}/ipvlan-conf
+
+    [Teardown]    Remove NAD And Pod    ${IPVLAN_NAD_YAML}    ${IPVLAN_POD_YAML}
+
 
 *** Keywords ***
 Create NAD And Pod
@@ -122,7 +138,7 @@ Connect To Pod From The Hypervisor
 
     ${networks}=    Get And Verify Pod Networks    ${pod}    ${ns}    ${extra_cni_name}
     ${extra_ip}=    Set Variable    ${networks}[1][ips][0]
-    Should Contain    ${extra_ip}    192.168.122
+    Should Contain    ${extra_ip}    192.168.112
 
     ${result}=    Process.Run Process    curl    -v    ${extra_ip}:8080
     Should Contain    ${result.stdout}    Hello MicroShift