Mock server no longer maintains just a map of connections seen, but a…

…ll connections
stackrox · Oct 21, 2024 · 34247e2 · 34247e2
1 parent ae8bf37
commit 34247e2
Show file tree

Hide file tree

Showing 4 changed files with 118 additions and 21 deletions.
diff --git a/integration-tests/pkg/mock_sensor/expect_conn.go b/integration-tests/pkg/mock_sensor/expect_conn.go
@@ -33,7 +33,7 @@ loop:
 		case <-timer:
 			// we know they don't match at this point, but by using
 			// ElementsMatch we get much better logging about the differences
-			return assert.ElementsMatch(t, expected, s.Connections(containerID), "timed out waiting for networks")
+			return assert.ElementsMatch(t, expected, s.Connections(containerID), "timed out waiting for network connections")
 		case network := <-s.LiveConnections():
 			if network.GetContainerId() != containerID {
 				continue loop
@@ -72,14 +72,55 @@ loop:
 			if conn.GetContainerId() != containerID {
 				continue loop
 			}
-
 			if len(s.Connections(containerID)) == n {
 				return s.Connections(containerID)
 			}
 		}
 	}
 }
 
+func (s *MockSensor) checkIfConnectionsMatchExpected(t *testing.T, connections []types.NetworkInfo, expected []types.NetworkInfo) bool {
+	if len(connections) > len(expected) {
+		return assert.ElementsMatch(t, expected, connections, "networking connections do not match")
+	}
+
+	if len(connections) == len(expected) {
+		types.SortConnections(connections)
+		for i, _ := range expected {
+			if !expected[i].Equal(connections[i]) {
+				return assert.ElementsMatch(t, expected, connections, "networking connections do not match")
+			}
+		}
+		return true
+	}
+	return false
+}
+
+func (s *MockSensor) ExpectExactConnections(t *testing.T, containerID string, timeout time.Duration, expected ...types.NetworkInfo) bool {
+	types.SortConnections(expected)
+	timer := time.NewTimer(timeout)
+	ticker := time.NewTicker(100 * time.Millisecond)
+	defer ticker.Stop()
+
+	for {
+		select {
+		case <-timer.C:
+			connections := s.Connections(containerID)
+			types.SortConnections(connections)
+			return s.checkIfConnectionsMatchExpected(t, connections, expected)
+		case <-ticker.C:
+			connections := s.Connections(containerID)
+			types.SortConnections(connections)
+			success := s.checkIfConnectionsMatchExpected(t, connections, expected)
+			if success {
+				return true
+			} else if len(connections) >= len(expected) {
+				return assert.ElementsMatch(t, expected, connections, "networking connections do not match")
+			}
+		}
+	}
+}
+
 // ExpectEndpoints waits up to the timeout for the gRPC server to receive
 // the list of expected Endpoints. It will first check to see if the endpoints
 // have been received already, and then monitor the live feed of endpoints

diff --git a/integration-tests/pkg/mock_sensor/server.go b/integration-tests/pkg/mock_sensor/server.go
@@ -32,7 +32,8 @@ const (
 // us to use any comparable type as the key)
 type ProcessMap map[types.ProcessInfo]interface{}
 type LineageMap map[types.ProcessLineage]interface{}
-type ConnMap map[types.NetworkInfo]interface{}
+
+// type ConnMap map[types.NetworkInfo]interface{}
 type EndpointMap map[types.EndpointInfo]interface{}
 
 type MockSensor struct {
@@ -47,7 +48,8 @@ type MockSensor struct {
 	processLineages map[string]LineageMap
 	processMutex    sync.Mutex
 
-	connections  map[string]ConnMap
+	connections map[string][]types.NetworkInfo
+	//connections  map[string]ConnMap
 	endpoints    map[string]EndpointMap
 	networkMutex sync.Mutex
 
@@ -65,8 +67,9 @@ func NewMockSensor(test string) *MockSensor {
 		testName:        test,
 		processes:       make(map[string]ProcessMap),
 		processLineages: make(map[string]LineageMap),
-		connections:     make(map[string]ConnMap),
-		endpoints:       make(map[string]EndpointMap),
+		connections:     make(map[string][]types.NetworkInfo),
+		//connections:     make(map[string]ConnMap),
+		endpoints: make(map[string]EndpointMap),
 	}
 }
 
@@ -155,11 +158,12 @@ func (m *MockSensor) Connections(containerID string) []types.NetworkInfo {
 	defer m.networkMutex.Unlock()
 
 	if connections, ok := m.connections[containerID]; ok {
-		keys := make([]types.NetworkInfo, 0, len(connections))
-		for k := range connections {
-			keys = append(keys, k)
-		}
-		return keys
+		//keys := make([]types.NetworkInfo, 0, len(connections))
+		//for k := range connections {
+		//	keys = append(keys, k)
+		//}
+		//return keys
+		return connections
 	}
 	return make([]types.NetworkInfo, 0)
 }
@@ -171,7 +175,7 @@ func (m *MockSensor) HasConnection(containerID string, conn types.NetworkInfo) b
 	defer m.networkMutex.Unlock()
 
 	if conns, ok := m.connections[containerID]; ok {
-		for connection := range conns {
+		for _, connection := range conns {
 			if connection.Equal(conn) {
 				return true
 			}
@@ -274,7 +278,7 @@ func (m *MockSensor) Stop() {
 
 	m.processes = make(map[string]ProcessMap)
 	m.processLineages = make(map[string]LineageMap)
-	m.connections = make(map[string]ConnMap)
+	m.connections = make(map[string][]types.NetworkInfo)
 	m.endpoints = make(map[string]EndpointMap)
 
 	m.processChannel.Stop()
@@ -435,11 +439,16 @@ func (m *MockSensor) pushConnection(containerID string, connection *sensorAPI.Ne
 		CloseTimestamp: connection.GetCloseTimestamp().String(),
 	}
 
-	if connections, ok := m.connections[containerID]; ok {
-		connections[conn] = true
+	//if connections, ok := m.connections[containerID]; ok {
+	//	connections[conn] = true
+	//} else {
+	//	connections := ConnMap{conn: true}
+	//	m.connections[containerID] = connections
+	//}
+	if _, ok := m.connections[containerID]; ok {
+		m.connections[containerID] = append(m.connections[containerID], conn)
 	} else {
-		connections := ConnMap{conn: true}
-		m.connections[containerID] = connections
+		m.connections[containerID] = []types.NetworkInfo{conn}
 	}
 }
 

diff --git a/integration-tests/pkg/types/network.go b/integration-tests/pkg/types/network.go
@@ -1,5 +1,9 @@
 package types
 
+import (
+	"sort"
+)
+
 const (
 	NilTimestamp = "<nil>"
 )
@@ -24,3 +28,31 @@ func (n *NetworkInfo) Equal(other NetworkInfo) bool {
 		n.SocketFamily == other.SocketFamily &&
 		n.IsActive() == other.IsActive()
 }
+
+func (n *NetworkInfo) Less(other NetworkInfo) bool {
+	if n.LocalAddress != other.LocalAddress {
+		return n.LocalAddress < other.LocalAddress
+	}
+
+	if n.RemoteAddress != other.RemoteAddress {
+		return n.RemoteAddress < other.RemoteAddress
+	}
+
+	if n.Role != other.Role {
+		return n.Role < other.Role
+	}
+
+	if n.SocketFamily != other.SocketFamily {
+		return n.SocketFamily < other.SocketFamily
+	}
+
+	if n.IsActive() != other.IsActive() {
+		return n.IsActive()
+	}
+
+	return false
+}
+
+func SortConnections(connections []NetworkInfo) {
+	sort.Slice(connections, func(i, j int) bool { return connections[i].Less(connections[j]) })
+}
diff --git a/integration-tests/suites/runtime_config_file.go b/integration-tests/suites/runtime_config_file.go
@@ -113,40 +113,55 @@ func (s *RuntimeConfigFileTestSuite) SetupSuite() {
 	runtimeConfigSuccess := introspection_endpoints.ExpectRuntimeConfig(s.T(), 30*time.Second, externalIpsFalse)
 	s.Require().True(runtimeConfigSuccess)
 	expectedConnections := []types.NetworkInfo{activeNormalizedConnection}
-	s.Sensor().ExpectConnections(s.T(), clientContainer, 5*time.Second, expectedConnections...)
+	connectionSuccess := s.Sensor().ExpectExactConnections(s.T(), clientContainer, 10*time.Second, expectedConnections...)
+	s.Require().True(connectionSuccess)
 
 	s.setExternalIpsEnable(runtimeConfigFile, true)
 	runtimeConfigSuccess = introspection_endpoints.ExpectRuntimeConfig(s.T(), 30*time.Second, externalIpsTrue)
 	s.Require().True(runtimeConfigSuccess)
 	expectedConnections = append(expectedConnections, activeUnnormalizedConnection, inactiveNormalizedConnection)
-	s.Sensor().ExpectConnections(s.T(), clientContainer, 5*time.Second, expectedConnections...)
+	connectionSuccess = s.Sensor().ExpectExactConnections(s.T(), clientContainer, 10*time.Second, expectedConnections...)
+	s.Require().True(connectionSuccess)
 
 	s.setExternalIpsEnable(runtimeConfigFile, false)
 	runtimeConfigSuccess = introspection_endpoints.ExpectRuntimeConfig(s.T(), 30*time.Second, externalIpsFalse)
 	s.Require().True(runtimeConfigSuccess)
-	expectedConnections = append(expectedConnections, activeNormalizedConnection, inactiveNormalizedConnection)
-	//s.Sensor().ExpectConnections(s.T(), clientContainer, 5*time.Second, expectedConnections...)
+	expectedConnections = append(expectedConnections, activeNormalizedConnection, inactiveUnnormalizedConnection)
+	connectionSuccess = s.Sensor().ExpectExactConnections(s.T(), clientContainer, 10*time.Second, expectedConnections...)
+	s.Require().True(connectionSuccess)
 
 	s.deleteFile(runtimeConfigFile)
 	runtimeConfigSuccess = introspection_endpoints.ExpectRuntimeConfig(s.T(), 30*time.Second, externalIpsFalse)
 	s.Require().True(runtimeConfigSuccess)
+	connectionSuccess = s.Sensor().ExpectExactConnections(s.T(), clientContainer, 10*time.Second, expectedConnections...)
+	s.Require().True(connectionSuccess)
 
 	s.setExternalIpsEnable(runtimeConfigFile, true)
 	runtimeConfigSuccess = introspection_endpoints.ExpectRuntimeConfig(s.T(), 30*time.Second, externalIpsTrue)
 	s.Require().True(runtimeConfigSuccess)
+	expectedConnections = append(expectedConnections, activeUnnormalizedConnection, inactiveNormalizedConnection)
+	connectionSuccess = s.Sensor().ExpectExactConnections(s.T(), clientContainer, 10*time.Second, expectedConnections...)
+	s.Require().True(connectionSuccess)
 
 	s.deleteFile(runtimeConfigFile)
 	runtimeConfigSuccess = introspection_endpoints.ExpectRuntimeConfig(s.T(), 60*time.Second, externalIpsFalse)
 	s.Require().True(runtimeConfigSuccess)
+	expectedConnections = append(expectedConnections, activeNormalizedConnection, inactiveUnnormalizedConnection)
+	connectionSuccess = s.Sensor().ExpectExactConnections(s.T(), clientContainer, 10*time.Second, expectedConnections...)
+	s.Require().True(connectionSuccess)
 
 	s.setExternalIpsEnable(runtimeConfigFile, false)
 	runtimeConfigSuccess = introspection_endpoints.ExpectRuntimeConfig(s.T(), 30*time.Second, externalIpsFalse)
 	s.Require().True(runtimeConfigSuccess)
+	connectionSuccess = s.Sensor().ExpectExactConnections(s.T(), clientContainer, 10*time.Second, expectedConnections...)
+	s.Require().True(connectionSuccess)
 
 	invalidConfig := "asdf"
 	s.setRuntimeConfig(runtimeConfigFile, invalidConfig)
 	runtimeConfigSuccess = introspection_endpoints.ExpectRuntimeConfig(s.T(), 30*time.Second, externalIpsFalse)
 	s.Require().True(runtimeConfigSuccess)
+	connectionSuccess = s.Sensor().ExpectExactConnections(s.T(), clientContainer, 10*time.Second, expectedConnections...)
+	s.Require().True(connectionSuccess)
 }
 
 func (s *RuntimeConfigFileTestSuite) TearDownSuite() {