#!/bin/bash

#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

set -xe
# test_netpol(namespace, application, component, target_host, expected_result{fail,success})
function test_netpol {
  NS=$1
  APP=$2
  COMPONENT=$3
  HOST=$4
  STATUS=$5
  echo Testing connection from $APP - $COMPONENT to host $HOST with namespace $NS
  POD=$(kubectl -n $NS get pod -l application=$APP,component=$COMPONENT | grep Running | cut -f 1 -d " " | head -n 1)
  PID=$(sudo docker inspect --format '{{ .State.Pid }}' $(kubectl get pods --namespace $NS $POD -o jsonpath='{.status.containerStatuses[0].containerID}' | cut -c 10-21))
  if [ "x${STATUS}" == "xfail" ]; then
    if ! sudo nsenter -t $PID -n wget --spider --timeout=5 --tries=1 $HOST ; then
      echo "Connection timed out; as expected by policy."
    else
      exit 1
    fi
  else
    sudo nsenter -t $PID -n wget --spider --timeout=5 --tries=1 $HOST
  fi
}

#NOTE(gagehugo): Enable the negative tests once the services policy is defined

# General Netpol Tests
# Doing negative tests
#test_netpol openstack mariadb server rabbitmq.openstack.svc.cluster.local:5672 fail
#test_netpol openstack rabbitmq-rabbitmq server memcached.openstack.svc.cluster.local:11211 fail

# Negative Keystone tests
test_netpol openstack mariadb server keystone-api.openstack.svc.cluster.local:5000 fail
test_netpol openstack mariadb ingress keystone-api.openstack.svc.cluster.local:5000 fail
test_netpol openstack memcached server keystone-api.openstack.svc.cluster.local:5000 fail
test_netpol openstack rabbitmq server keystone-api.openstack.svc.cluster.local:5000 fail

# Negative Mariadb tests
test_netpol openstack memcached server mariadb.openstack.svc.cluster.local:3306 fail
test_netpol openstack ingress server mariadb-server.openstack.svc.cluster.local:3306 fail

# Doing positive tests

# Positive Mariadb tests
test_netpol openstack keystone api mariadb.openstack.svc.cluster.local:3306 success
test_netpol openstack keystone api mariadb-server.openstack.svc.cluster.local:3306 success
test_netpol openstack mariadb ingress mariadb-server.openstack.svc.cluster.local:3306 success

test_netpol openstack keystone api rabbitmq.openstack.svc.cluster.local:5672 success
test_netpol openstack ingress server keystone-api.openstack.svc.cluster.local:5000 success
test_netpol openstack prometheus-openstack-exporter exporter keystone-api.openstack.svc.cluster.local:5000 success

if kubectl -n openstack get pod -l application=horizon | grep Running ; then
  test_netpol openstack keystone api horizon.openstack.svc.cluster.local:80 fail
fi

if kubectl -n openstack get pod -l application=cinder | grep Running ; then
# Negative Cinder Tests
  #test_netpol openstack keystone api cinder-api.openstack.svc.cluster.local fail
  test_netpol openstack cinder api horizon.openstack.svc.cluster.local:80 fail
# Positive Cinder Tests
  test_netpol openstack cinder api rabbitmq.openstack.svc.cluster.local:5672 success

  # Positive Keystone test
  test_netpol openstack cinder api keystone-api.openstack.svc.cluster.local:5000 success

  # Positive Mariadb tests
  test_netpol openstack cinder api mariadb.openstack.svc.cluster.local:3306 success
  test_netpol openstack cinder api mariadb-server.openstack.svc.cluster.local:3306 success
else
# Negative Compute-Kit Tests
  #test_netpol openstack keystone api heat-api.openstack.svc.cluster.local fail
  #test_netpol openstack keystone api glance-api.openstack.svc.cluster.local fail
  test_netpol openstack mariadb server glance-api.openstack.svc.cluster.local:9292 fail
  test_netpol openstack memcached server glance-api.openstack.svc.cluster.local:9292 fail
  test_netpol openstack keystone api glance-api.openstack.svc.cluster.local:9292 fail
  # Memcached Negative Tests
  test_netpol openstack mariadb server memcached.openstack.svc.cluster.local:11211 fail
  test_netpol openstack rabbitmq server memcached.openstack.svc.cluster.local:11211 fail
  test_netpol openstack openvswitch openvswitch-vswitchd memcached.openstack.svc.cluster.local:11211 fail
  test_netpol openstack libvirt libvirt memcached.openstack.svc.cluster.local:11211 fail
  # Heat Negative Tests
  test_netpol openstack keystone api heat-api.openstack.svc.cluster.local:8004 fail
  test_netpol openstack nova os-api heat-api.openstack.svc.cluster.local:8004 fail
  test_netpol openstack neutron server heat-api.openstack.svc.cluster.local:8004 fail
  test_netpol openstack glance api heat-api.openstack.svc.cluster.local:8004 fail

# Positive Compute-Kit Tests

  # Positive Mariadb tests
  test_netpol openstack heat api mariadb.openstack.svc.cluster.local:3306 success
  test_netpol openstack glance api mariadb.openstack.svc.cluster.local:3306 success
  test_netpol openstack glance api mariadb-server.openstack.svc.cluster.local:3306 success

  # Positive Keystone tests
  test_netpol openstack heat api keystone-api.openstack.svc.cluster.local:5000 success
  test_netpol openstack glance api keystone-api.openstack.svc.cluster.local:5000 success
  test_netpol openstack horizon server keystone-api.openstack.svc.cluster.local:5000 success
  test_netpol openstack nova os-api keystone-api.openstack.svc.cluster.local:5000 success
  test_netpol openstack nova compute keystone-api.openstack.svc.cluster.local:5000 success
  test_netpol openstack neutron l3-agent keystone-api.openstack.svc.cluster.local:5000 success
  test_netpol openstack ingress server glance-api.openstack.svc.cluster.local:9292 success
  test_netpol openstack nova os-api glance-api.openstack.svc.cluster.local:9292 success
  test_netpol openstack nova compute glance-api.openstack.svc.cluster.local:9292 success
  test_netpol openstack heat api glance-api.openstack.svc.cluster.local:9292 success
  test_netpol openstack horizon server glance-api.openstack.svc.cluster.local:9292 success
  test_netpol openstack horizon server heat-api.openstack.svc.cluster.local:8004 success
  test_netpol openstack horizon server heat-cfn.openstack.svc.cluster.local:8000 success
  test_netpol openstack heat api heat-api.openstack.svc.cluster.local:8004 success
fi

echo Test Success