Add test, fix duplicated namespaces filters

Author: jotak

internal/controller/flp/flp_monolith_objects.go

@@ -119,7 +119,7 @@ func (b *monolithBuilder) deployment(annotations map[string]string) *appsv1.Depl
 }
 
 func (b *monolithBuilder) configMaps() (*corev1.ConfigMap, string, *corev1.ConfigMap, error) {
-	kafkaStage := newGRPCPipeline(b.desired)
+	grpcStage := newGRPCPipeline(b.desired)
 	pipeline := newPipelineBuilder(
 		b.desired,
 		b.flowMetrics,
@@ -128,7 +128,7 @@ func (b *monolithBuilder) configMaps() (*corev1.ConfigMap, string, *corev1.Confi
 		b.info.Loki,
 		b.info.ClusterInfo.GetID(),
 		&b.volumes,
-		&kafkaStage,
+		&grpcStage,
 	)
 	err := pipeline.AddProcessorStages()
 	if err != nil {

internal/controller/flp/slices.go

@@ -16,28 +16,33 @@ func slicesToFilters(fc *flowslatest.FlowCollectorSpec, fcSlices []sliceslatest.
 	if fc.Processor.SlicesConfig.CollectionMode == flowslatest.CollectionAlwaysCollect {
 		return nil
 	}
+	processed := make(map[string]any)
 	var rules []api.TransformFilterRule
 	for _, ns := range fc.Processor.SlicesConfig.NamespacesAllowList {
-		var query string
 		if len(ns) >= 2 && strings.HasPrefix(ns, "/") && strings.HasSuffix(ns, "/") {
 			// Regex
 			pattern := strings.TrimPrefix(strings.TrimSuffix(ns, "/"), "/")
-			query = fmt.Sprintf(`SrcK8S_Namespace=~"%s" or DstK8S_Namespace=~"%s"`, pattern, pattern)
-		} else {
-			query = fmt.Sprintf(`SrcK8S_Namespace="%s" or DstK8S_Namespace="%s"`, ns, ns)
+			rules = append(rules, api.TransformFilterRule{
+				Type:           api.KeepEntryQuery,
+				KeepEntryQuery: fmt.Sprintf(`SrcK8S_Namespace=~"%s" or DstK8S_Namespace=~"%s"`, pattern, pattern),
+			})
+		} else if _, found := processed[ns]; !found {
+			rules = append(rules, api.TransformFilterRule{
+				Type:           api.KeepEntryQuery,
+				KeepEntryQuery: fmt.Sprintf(`SrcK8S_Namespace="%s" or DstK8S_Namespace="%s"`, ns, ns),
+			})
+			processed[ns] = nil
 		}
-		rules = append(rules, api.TransformFilterRule{
-			Type:           api.KeepEntryQuery,
-			KeepEntryQuery: query,
-		})
 	}
 	for i := range fcSlices {
-		query := fmt.Sprintf(`SrcK8S_Namespace="%s" or DstK8S_Namespace="%s"`, fcSlices[i].Namespace, fcSlices[i].Namespace)
-		rules = append(rules, api.TransformFilterRule{
-			Type:              api.KeepEntryQuery,
-			KeepEntryQuery:    query,
-			KeepEntrySampling: uint16(fcSlices[i].Spec.Sampling),
-		})
+		if _, found := processed[fcSlices[i].Namespace]; !found {
+			rules = append(rules, api.TransformFilterRule{
+				Type:              api.KeepEntryQuery,
+				KeepEntryQuery:    fmt.Sprintf(`SrcK8S_Namespace="%s" or DstK8S_Namespace="%s"`, fcSlices[i].Namespace, fcSlices[i].Namespace),
+				KeepEntrySampling: uint16(fcSlices[i].Spec.Sampling),
+			})
+			processed[fcSlices[i].Namespace] = nil
+		}
 	}
 	return rules
 }

internal/controller/flp/slices_api_test.go

@@ -0,0 +1,203 @@
+package flp
+
+import (
+	"encoding/json"
+	"testing"
+
+	"github.com/netobserv/flowlogs-pipeline/pkg/api"
+	"github.com/netobserv/flowlogs-pipeline/pkg/config"
+	"github.com/stretchr/testify/assert"
+	corev1 "k8s.io/api/core/v1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	flowslatest "github.com/netobserv/network-observability-operator/api/flowcollector/v1beta2"
+	sliceslatest "github.com/netobserv/network-observability-operator/api/flowcollectorslice/v1alpha1"
+	"github.com/netobserv/network-observability-operator/api/flowmetrics/v1alpha1"
+	"github.com/netobserv/network-observability-operator/internal/controller/flp/fmstatus"
+	"github.com/netobserv/network-observability-operator/internal/controller/reconcilers"
+	"github.com/netobserv/network-observability-operator/internal/pkg/cluster"
+	"github.com/netobserv/network-observability-operator/internal/pkg/helper"
+	"github.com/netobserv/network-observability-operator/internal/pkg/manager/status"
+)
+
+var (
+	adminSubnets = []flowslatest.SubnetLabel{
+		{
+			Name:  "admin",
+			CIDRs: []string{"10.0.0.0/16"},
+		},
+	}
+	autoSubnets = []flowslatest.SubnetLabel{
+		{
+			Name:  "test",
+			CIDRs: []string{"1.2.3.4/32", "10.0.0.0/8"},
+		},
+	}
+	slicez = []sliceslatest.FlowCollectorSlice{
+		{
+			ObjectMeta: v1.ObjectMeta{Name: "a", Namespace: "ns-a"},
+		},
+		{
+			ObjectMeta: v1.ObjectMeta{Name: "b1", Namespace: "ns-b"},
+			Spec: sliceslatest.FlowCollectorSliceSpec{
+				SubnetLabels: []sliceslatest.SubnetLabel{
+					{
+						Name:  "my-override",
+						CIDRs: []string{"10.10.0.0/16"},
+					},
+					{
+						Name:  "my-label",
+						CIDRs: []string{"100.0.0.0/24"},
+					},
+				},
+			},
+		},
+		{
+			ObjectMeta: v1.ObjectMeta{Name: "b2", Namespace: "ns-b"},
+			Spec: sliceslatest.FlowCollectorSliceSpec{
+				SubnetLabels: []sliceslatest.SubnetLabel{
+					{
+						Name:  "my-label-2",
+						CIDRs: []string{"100.51.0.0/24"},
+					},
+				},
+			},
+		},
+	}
+)
+
+func getConfiguredFiltersAndSubnets(cm *corev1.ConfigMap) ([]api.TransformFilterRule, []api.NetworkTransformSubnetLabel) {
+	var cfs config.Root
+	err := json.Unmarshal([]byte(cm.Data[configFile]), &cfs)
+	if err != nil {
+		return nil, nil
+	}
+	var filters []api.TransformFilterRule
+	var subnetLabels []api.NetworkTransformSubnetLabel
+	for _, stage := range cfs.Parameters {
+		if stage.Transform != nil && stage.Name == "enrich" {
+			subnetLabels = stage.Transform.Network.SubnetLabels
+		}
+		if stage.Transform != nil && stage.Name == "filters" {
+			filters = stage.Transform.Filter.Rules
+		}
+	}
+	return filters, subnetLabels
+}
+
+func defaultBuilderWithSlices(cfg *flowslatest.SlicesConfig) (monolithBuilder, error) {
+	fc := getConfig()
+	fc.Processor.SlicesConfig = cfg
+	fc.Processor.SubnetLabels.CustomLabels = adminSubnets
+	info := reconcilers.Common{Namespace: "namespace", Loki: &helper.LokiConfig{}, ClusterInfo: &cluster.Info{}}
+	return newMonolithBuilder(info.NewInstance(image, status.Instance{}), &fc, &v1alpha1.FlowMetricList{}, slicez, autoSubnets)
+}
+
+func TestSlicesDisabled(t *testing.T) {
+	fmstatus.Reset()
+	b, err := defaultBuilderWithSlices(&flowslatest.SlicesConfig{Enable: false})
+	assert.NoError(t, err)
+	cm, _, _, err := b.configMaps()
+	assert.NoError(t, err)
+	filters, subnets := getConfiguredFiltersAndSubnets(cm)
+	assert.Nil(t, filters)
+	assert.Equal(t, []api.NetworkTransformSubnetLabel{
+		{
+			Name:  "admin",
+			CIDRs: []string{"10.0.0.0/16"},
+		},
+		{
+			Name:  "test",
+			CIDRs: []string{"1.2.3.4/32", "10.0.0.0/8"},
+		},
+	}, subnets)
+}
+
+func TestSlicesEnablesCollectAll(t *testing.T) {
+	fmstatus.Reset()
+	b, err := defaultBuilderWithSlices(&flowslatest.SlicesConfig{
+		Enable:              true,
+		CollectionMode:      flowslatest.CollectionAlwaysCollect,
+		NamespacesAllowList: []string{"should-be-ignored"},
+	})
+	assert.NoError(t, err)
+	cm, _, _, err := b.configMaps()
+	assert.NoError(t, err)
+	filters, subnets := getConfiguredFiltersAndSubnets(cm)
+	assert.Nil(t, filters)
+	assert.Equal(t, []api.NetworkTransformSubnetLabel{
+		{
+			Name:  "admin",
+			CIDRs: []string{"10.0.0.0/16"},
+		},
+		{
+			Name:  "my-override",
+			CIDRs: []string{"10.10.0.0/16"},
+		},
+		{
+			Name:  "my-label",
+			CIDRs: []string{"100.0.0.0/24"},
+		},
+		{
+			Name:  "my-label-2",
+			CIDRs: []string{"100.51.0.0/24"},
+		},
+		{
+			Name:  "test",
+			CIDRs: []string{"1.2.3.4/32", "10.0.0.0/8"},
+		},
+	}, subnets)
+}
+
+func TestSlicesEnablesWhitelist(t *testing.T) {
+	fmstatus.Reset()
+	b, err := defaultBuilderWithSlices(&flowslatest.SlicesConfig{
+		Enable:              true,
+		CollectionMode:      flowslatest.CollectionAllowList,
+		NamespacesAllowList: []string{"should-be-filtered", "/should-.*/"},
+	})
+	assert.NoError(t, err)
+	cm, _, _, err := b.configMaps()
+	assert.NoError(t, err)
+	filters, subnets := getConfiguredFiltersAndSubnets(cm)
+	assert.Equal(t, []api.TransformFilterRule{
+		{
+			Type:           api.KeepEntryQuery,
+			KeepEntryQuery: `SrcK8S_Namespace="should-be-filtered" or DstK8S_Namespace="should-be-filtered"`,
+		},
+		{
+			Type:           api.KeepEntryQuery,
+			KeepEntryQuery: `SrcK8S_Namespace=~"should-.*" or DstK8S_Namespace=~"should-.*"`,
+		},
+		{
+			Type:           api.KeepEntryQuery,
+			KeepEntryQuery: `SrcK8S_Namespace="ns-a" or DstK8S_Namespace="ns-a"`,
+		},
+		{
+			Type:           api.KeepEntryQuery,
+			KeepEntryQuery: `SrcK8S_Namespace="ns-b" or DstK8S_Namespace="ns-b"`,
+		},
+	}, filters)
+	assert.Equal(t, []api.NetworkTransformSubnetLabel{
+		{
+			Name:  "admin",
+			CIDRs: []string{"10.0.0.0/16"},
+		},
+		{
+			Name:  "my-override",
+			CIDRs: []string{"10.10.0.0/16"},
+		},
+		{
+			Name:  "my-label",
+			CIDRs: []string{"100.0.0.0/24"},
+		},
+		{
+			Name:  "my-label-2",
+			CIDRs: []string{"100.51.0.0/24"},
+		},
+		{
+			Name:  "test",
+			CIDRs: []string{"1.2.3.4/32", "10.0.0.0/8"},
+		},
+	}, subnets)
+}