ipsec: add UnsetTestIPSecKey API for testing purpose

This commit introduces the `UnsetTestIPSecKey` API for testing purpose only. This function is used to reset the current state of IPSec global variables during testing. In particular, it helps to prevent loading two IPSec keys with the same SPI in `node_linux_test`, which would cause the tests to fail after the previous commit. With this function, it is easy to reset the internal state of the IPSec-related variables either while executing a test or when tearing down a test suite. This function is also used in the local `ipsec_linux_test.go`, to expect a coherent behavior while tearing down a test suite. Signed-off-by: Simone Magnani <[email protected]>
sayboras · Oct 2, 2024 · c8e0131 · c8e0131
1 parent 05128f4
commit c8e0131
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 1 deletion.
diff --git a/pkg/datapath/linux/ipsec/ipsec_linux.go b/pkg/datapath/linux/ipsec/ipsec_linux.go
@@ -1416,3 +1416,11 @@ func (skr staleKeyReclaimer) onTimer(ctx context.Context) error {
 
 	return nil
 }
+
+// UnsetTestIPSecKey reinitialize the IPSec key-related variables.
+// This function is for testing purpose only and **must not** be used elsewhere.
+func UnsetTestIPSecKey() {
+	ipSecCurrentKeySPI = 0
+	ipSecKeysGlobal = make(map[string]*ipSecKey)
+	ipSecKeysRemovalTime = make(map[uint8]time.Time)
+}
diff --git a/pkg/datapath/linux/ipsec/ipsec_linux_test.go b/pkg/datapath/linux/ipsec/ipsec_linux_test.go
@@ -28,7 +28,7 @@ func setupIPSecSuitePrivileged(tb testing.TB) *slog.Logger {
 	log := hivetest.Logger(tb)
 
 	tb.Cleanup(func() {
-		ipSecKeysGlobal = make(map[string]*ipSecKey)
+		UnsetTestIPSecKey()
 		node.UnsetTestLocalNodeStore()
 		err := DeleteXFRM(log, AllReqID)
 		if err != nil {

diff --git a/pkg/datapath/linux/node_linux_test.go b/pkg/datapath/linux/node_linux_test.go
@@ -201,6 +201,7 @@ func setupLinuxPrivilegedIPv4AndIPv6TestSuite(tb testing.TB) *linuxPrivilegedIPv
 }
 
 func tearDownTest(tb testing.TB) {
+	ipsec.UnsetTestIPSecKey()
 	ipsec.DeleteXFRM(hivetest.Logger(tb), ipsec.AllReqID)
 	node.UnsetTestLocalNodeStore()
 	removeDevice(dummyHostDeviceName)
@@ -828,6 +829,9 @@ func TestNodeChurnXFRMLeaks(t *testing.T) {
 	option.Config.EncryptInterface = []string{externalNodeDevice}
 	option.Config.RoutingMode = option.RoutingModeNative
 
+	// Same test suite, remove previous IPSec key.
+	ipsec.UnsetTestIPSecKey()
+
 	// Cover the XFRM configuration for subnet encryption: IPAM modes AKS and EKS.
 	ipv4PodSubnets, err := cidr.ParseCIDR("4.4.0.0/16")
 	require.NoError(t, err)