Merge branch 'main' into TestCoverage2

Author: adity1raut

ctl/secret/secret.go

@@ -30,7 +30,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	"kmesh.net/kmesh/ctl/utils"
-	"kmesh.net/kmesh/pkg/controller/encryption/ipsec"
+	"kmesh.net/kmesh/pkg/controller/encryption"
 	"kmesh.net/kmesh/pkg/kube"
 	"kmesh.net/kmesh/pkg/logger"
 )
@@ -118,7 +118,7 @@ func createKubeClientOrExit() kube.CLIClient {
 }
 
 func CreateOrUpdateSecret(cmd *cobra.Command, args []string) {
-	var ipSecKey, ipSecKeyOld ipsec.IpSecKey
+	var ipSecKey, ipSecKeyOld encryption.IpSecKey
 	var err error
 
 	ipSecKey.AeadKeyName = AeadAlgoName
@@ -215,7 +215,7 @@ func GetSecret() {
 	}
 
 	// Parse the IPsec data
-	var ipSecKey ipsec.IpSecKey
+	var ipSecKey encryption.IpSecKey
 	if err := json.Unmarshal(secret.Data["ipSec"], &ipSecKey); err != nil {
 		log.Errorf("failed to unmarshal secret data: %v", err)
 		os.Exit(1)

go.mod

@@ -162,7 +162,7 @@ require (
 	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/prometheus/prometheus v0.300.1 // indirect
 	github.com/quic-go/qpack v0.5.1 // indirect
-	github.com/quic-go/quic-go v0.48.2 // indirect
+	github.com/quic-go/quic-go v0.49.1 // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/ryanuber/go-glob v1.0.0 // indirect

go.sum

@@ -369,8 +369,8 @@ github.com/prometheus/prometheus v0.300.1 h1:9KKcTTq80gkzmXW0Et/QCFSrBPgmwiS3Hlc
 github.com/prometheus/prometheus v0.300.1/go.mod h1:gtTPY/XVyCdqqnjA3NzDMb0/nc5H9hOu1RMame+gHyM=
 github.com/quic-go/qpack v0.5.1 h1:giqksBPnT/HDtZ6VhtFKgoLOWmlyo9Ei6u9PqzIMbhI=
 github.com/quic-go/qpack v0.5.1/go.mod h1:+PC4XFrEskIVkcLzpEkbLqq1uCoxPhQuvK5rH1ZgaEg=
-github.com/quic-go/quic-go v0.48.2 h1:wsKXZPeGWpMpCGSWqOcqpW2wZYic/8T3aqiOID0/KWE=
-github.com/quic-go/quic-go v0.48.2/go.mod h1:yBgs3rWBOADpga7F+jJsb6Ybg1LSYiQvwWlLX+/6HMs=
+github.com/quic-go/quic-go v0.49.1 h1:e5JXpUyF0f2uFjckQzD8jTghZrOUK1xxDqqZhlwixo0=
+github.com/quic-go/quic-go v0.49.1/go.mod h1:s2wDnmCdooUQBmQfpUSTCYBl1/D4FcqbULMMkASvR6s=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
 github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=

hack/gen_bpf_specs.go

@@ -167,7 +167,9 @@ func main() {
 				importPath := filepath.ToSlash(filepath.Join(modulePrefix, "bpf", "kmesh", "bpf2go", real))
 				pi := pkgInfo{Alias: alias, ImportPath: importPath, OutputDir: real, Entries: list}
 				pkgsDefault = append(pkgsDefault, pi)
-				pkgsEnhanced = append(pkgsEnhanced, pi)
+				if !strings.HasPrefix(real, "dualengine") {
+					pkgsEnhanced = append(pkgsEnhanced, pi)
+				}
 			}
 		}
 	}

pkg/bpf/restart/new_version_mapspec_loader_enhanced.go

@@ -168,14 +168,13 @@ func (c *Controller) Start(stopCh <-chan struct{}) error {
 		if err := c.client.WorkloadController.Run(ctx, stopCh); err != nil {
 			return fmt.Errorf("failed to start workload controller: %+v", err)
 		}
+		if err := c.setupDNSProxy(); err != nil {
+			return fmt.Errorf("failed to start dns proxy: %+v", err)
+		}
 	} else {
 		c.client.AdsController.StartDnsController(stopCh)
 	}
 
-	if err := c.setupDNSProxy(); err != nil {
-		return fmt.Errorf("failed to start dns proxy: %+v", err)
-	}
-
 	return c.client.Run(stopCh)
 }
 

pkg/controller/controller.go

@@ -0,0 +1,24 @@
+/*
+ * Copyright The Kmesh Authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package encryption
+
+type IpSecKey struct {
+	Spi         int    `json:"spi"`
+	AeadKeyName string `json:"aeadKeyName"`
+	AeadKey     []byte `json:"aeadKey"`
+	Length      int    `json:"length"`
+}

pkg/controller/encryption/common.go

@@ -44,6 +44,7 @@ import (
 	"kmesh.net/kmesh/daemon/options"
 	"kmesh.net/kmesh/pkg/bpf"
 	"kmesh.net/kmesh/pkg/constants"
+	"kmesh.net/kmesh/pkg/controller/encryption"
 	"kmesh.net/kmesh/pkg/kube"
 	v1alpha1 "kmesh.net/kmesh/pkg/kube/apis/kmeshnodeinfo/v1alpha1"
 	fakeKmeshClientset "kmesh.net/kmesh/pkg/kube/nodeinfo/clientset/versioned/fake"
@@ -96,7 +97,7 @@ var (
 		},
 	}
 
-	testKey = IpSecKey{
+	testKey = encryption.IpSecKey{
 		Spi:         1,
 		AeadKeyName: "rfc4106(gcm(aes))",
 		AeadKey:     DecodeHex("abc9410d7cd6b324461bf16db518646594276c5362c30fc476ebca3f1a394b6ed4462161"),

pkg/controller/encryption/ipsec/ipsec_controller_test.go

@@ -32,30 +32,24 @@ import (
 	"istio.io/istio/pkg/filewatcher"
 
 	"kmesh.net/kmesh/pkg/constants"
+	"kmesh.net/kmesh/pkg/controller/encryption"
 	"kmesh.net/kmesh/pkg/kube/apis/kmeshnodeinfo/v1alpha1"
 )
 
 const (
 	IpSecKeyFile = "./kmesh-ipsec/ipSec"
 )
 
-type IpSecKey struct {
-	Spi         int    `json:"spi"`
-	AeadKeyName string `json:"aeadKeyName"`
-	AeadKey     []byte `json:"aeadKey"`
-	Length      int    `json:"length"`
-}
-
 type IpSecHandler struct {
 	Spi             int
 	mutex           sync.RWMutex
 	watcher         filewatcher.FileWatcher
-	historyIpSecKey map[int]IpSecKey
+	historyIpSecKey map[int]encryption.IpSecKey
 }
 
 func NewIpSecHandler() *IpSecHandler {
 	return &IpSecHandler{
-		historyIpSecKey: make(map[int]IpSecKey),
+		historyIpSecKey: make(map[int]encryption.IpSecKey),
 	}
 }
 
@@ -76,7 +70,7 @@ func (is *IpSecHandler) LoadIPSecKeyFromFile(filePath string) error {
 func (is *IpSecHandler) loadIPSecKeyFromIO(file *os.File) error {
 	reader := bufio.NewReader(file)
 	decoder := json.NewDecoder(reader)
-	var key IpSecKey
+	var key encryption.IpSecKey
 	if err := decoder.Decode(&key); err != nil {
 		return fmt.Errorf("ipsec config file decoder error, %v, please use Kmesh tool generate ipsec secret key", err)
 	}
@@ -231,7 +225,7 @@ func (is *IpSecHandler) createXfrmRuleIngress(rawRemoteIP, rawLocalNicIP, remote
  * ip xfrm state  add src {localNicIP} dst {remoteNicIP} proto esp spi {remoteSpi} mode tunnel reqid 1 {aead-algo} {aead-key} {aead-key-length}
  * ip xfrm policy add src 0.0.0.0/0    dst {remoteCIDR}  dir out tmpl src {localNicIP} dst {remoteNicIP} proto esp spi {remoteSpi} reqid 1 mode tunnel mark 0x{remoteNodeID}00e0
  */
-func (is *IpSecHandler) createXfrmRuleEgress(rawLocalNicIP, rawRemoteIP, localBootID, remoteBootID string, ipsecKey IpSecKey, podCIDRs []string) error {
+func (is *IpSecHandler) createXfrmRuleEgress(rawLocalNicIP, rawRemoteIP, localBootID, remoteBootID string, ipsecKey encryption.IpSecKey, podCIDRs []string) error {
 	src := net.ParseIP(rawLocalNicIP)
 	if src == nil {
 		return fmt.Errorf("failed to parser ip in inserting xfrm rule, input: %v", rawLocalNicIP)
@@ -267,7 +261,7 @@ func (is *IpSecHandler) createXfrmRuleEgress(rawLocalNicIP, rawRemoteIP, localBo
 	return nil
 }
 
-func (is *IpSecHandler) createStateRule(src net.IP, dst net.IP, key []byte, ipsecKey IpSecKey, ingress bool) error {
+func (is *IpSecHandler) createStateRule(src net.IP, dst net.IP, key []byte, ipsecKey encryption.IpSecKey, ingress bool) error {
 	state := &netlink.XfrmState{
 		Src:   src,
 		Dst:   dst,

pkg/controller/encryption/ipsec/ipsec_handler.go

@@ -32,6 +32,7 @@ import (
 	"github.com/vishvananda/netlink"
 
 	"kmesh.net/kmesh/pkg/constants"
+	"kmesh.net/kmesh/pkg/controller/encryption"
 )
 
 // DecodeHex is a utility function to decode a hex string into bytes.
@@ -48,13 +49,13 @@ func TestLoadIPSecKey(t *testing.T) {
 	aeadKey := DecodeHex("2dc9410d7cd6b324461bf16db518646594276c5362c30fc476ebca3f1a394b6ed4462161")
 	tests := []struct {
 		name        string
-		keyData     IpSecKey
+		keyData     encryption.IpSecKey
 		expectError bool
 		errorMsg    string
 	}{
 		{ // Valid
 			name: "valid_rfc4106_key",
-			keyData: IpSecKey{
+			keyData: encryption.IpSecKey{
 				Spi:         1,
 				AeadKeyName: "rfc4106(gcm(aes))",
 				AeadKey:     aeadKey,
@@ -64,7 +65,7 @@ func TestLoadIPSecKey(t *testing.T) {
 		},
 		{
 			name: "invalid_algo_name",
-			keyData: IpSecKey{
+			keyData: encryption.IpSecKey{
 				Spi:         3,
 				AeadKeyName: "aes-gcm", // should start with "rfc"
 				AeadKey:     aeadKey,
@@ -75,7 +76,7 @@ func TestLoadIPSecKey(t *testing.T) {
 		},
 		{
 			name: "empty_algo_name",
-			keyData: IpSecKey{
+			keyData: encryption.IpSecKey{
 				Spi:         4,
 				AeadKeyName: "",
 				AeadKey:     aeadKey,
@@ -161,13 +162,13 @@ func TestLoadIPSecKey(t *testing.T) {
 	// Test multiple key loading (should update history)
 	tests = []struct {
 		name        string
-		keyData     IpSecKey
+		keyData     encryption.IpSecKey
 		expectError bool
 		errorMsg    string
 	}{
 		{
 			name: "first_key",
-			keyData: IpSecKey{
+			keyData: encryption.IpSecKey{
 				Spi:         1,
 				AeadKeyName: "rfc4106(gcm(aes))",
 				AeadKey:     aeadKey,
@@ -177,7 +178,7 @@ func TestLoadIPSecKey(t *testing.T) {
 		},
 		{
 			name: "second_key",
-			keyData: IpSecKey{
+			keyData: encryption.IpSecKey{
 				Spi:         2,
 				AeadKeyName: "rfc4106(gcm(aes))",
 				AeadKey:     DecodeHex("abc9410d7cd6b324461bf16db518646594276c5362c30fc476ebca3f1a394b6ed4462161"),
@@ -334,7 +335,7 @@ func hasStateRule(state *netlink.XfrmState) (bool, error) {
 func TestCreateStateRule(t *testing.T) {
 	handler := NewIpSecHandler()
 	testKey := DecodeHex("2dc9410d7cd6b324461bf16db518646594276c5362c30fc476ebca3f1a394b6ed4462161")
-	ipsecKey := IpSecKey{
+	ipsecKey := encryption.IpSecKey{
 		Spi:         1001,
 		AeadKeyName: "rfc4106(gcm(aes))",
 		AeadKey:     testKey,
@@ -536,7 +537,7 @@ func TestFlush(t *testing.T) {
 
 	// create state rule
 	testKey := DecodeHex("2dc9410d7cd6b324461bf16db518646594276c5362c30fc476ebca3f1a394b6ed4462161")
-	ipsecKey := IpSecKey{
+	ipsecKey := encryption.IpSecKey{
 		Spi:         1001,
 		AeadKeyName: "rfc4106(gcm(aes))",
 		AeadKey:     testKey,