From 20f00e69b7825dde17733dcfd065e2cff8c5cbf2 Mon Sep 17 00:00:00 2001
From: Shimrit Peretz <34240686+shimritproj@users.noreply.github.com>
Date: Tue, 21 Jun 2022 17:41:11 +0300
Subject: [PATCH] updated service mesh (#291)

* updated service mesh

* updated best practice to be 5.2

* updated name of the function to be findIstioNamespace
---
 CATALOG.md                                    | 14 +++++------
 .../identifiers/identifiers.go                |  8 +++----
 cnf-certification-test/platform/suite.go      | 23 ++++++++++++-------
 pkg/autodiscover/autodiscover.go              |  2 +-
 pkg/autodiscover/autodiscover_operators.go    |  7 +++---
 5 files changed, 31 insertions(+), 23 deletions(-)

diff --git a/CATALOG.md b/CATALOG.md
index a69f2eb70..80b0659c3 100644
--- a/CATALOG.md
+++ b/CATALOG.md
@@ -592,18 +592,18 @@ Description|http://test-network-function.com/testcases/platform-alteration/ocp-l
 Result Type|normative
 Suggested Remediation|Please update your cluster to a version that is generally available.
 Best Practice Reference|https://connect.redhat.com/sites/default/files/2022-05/Cloud%20Native%20Network%20Function%20Requirements%201-3.pdf Section x.x
-#### service-mesh
+#### service-mesh-usage
 
 Property|Description
 ---|---
-Test Case Name|service-mesh
-Test Case Label|platform-alteration-service-mesh
-Unique ID|http://test-network-function.com/testcases/platform-alteration/service-mesh
+Test Case Name|service-mesh-usage
+Test Case Label|platform-alteration-service-mesh-usage
+Unique ID|http://test-network-function.com/testcases/platform-alteration/service-mesh-usage
 Version|v1.0.0
-Description|http://test-network-function.com/testcases/platform-alteration/service-mesh verifies if service mesh is exist.
+Description|http://test-network-function.com/testcases/platform-alteration/service-mesh-usage verifies whether, if available, service mesh is actually being used by the CNF pods
 Result Type|normative
-Suggested Remediation|
-Best Practice Reference|https://connect.redhat.com/sites/default/files/2022-05/Cloud%20Native%20Network%20Function%20Requirements%201-3.pdf Section 6.2
+Suggested Remediation|Make sure all the CNF pods are using service mesh if the cluster provides it.
+Best Practice Reference|https://connect.redhat.com/sites/default/files/2022-05/Cloud%20Native%20Network%20Function%20Requirements%201-3.pdf Section 5.2
 #### sysctl-config
 
 Property|Description
diff --git a/cnf-certification-test/identifiers/identifiers.go b/cnf-certification-test/identifiers/identifiers.go
index e8a2353a8..d4a965ab9 100644
--- a/cnf-certification-test/identifiers/identifiers.go
+++ b/cnf-certification-test/identifiers/identifiers.go
@@ -272,7 +272,7 @@ var (
 	}
 	// TestServiceMesh checks if service mesh is exist.
 	TestServiceMeshIdentifier = claim.Identifier{
-		Url:     formTestURL(common.PlatformAlterationTestKey, "service-mesh"),
+		Url:     formTestURL(common.PlatformAlterationTestKey, "service-mesh-usage"),
 		Version: versionOne,
 	}
 	// TestOCPLifecycleIdentifier ensures the OCP version of the cluster is within the valid lifecycle status
@@ -773,9 +773,9 @@ the changes for you.`,
 		Identifier: TestServiceMeshIdentifier,
 		Type:       normativeResult,
 		Description: formDescription(TestServiceMeshIdentifier,
-			`verifies if service mesh is exist.`),
-		Remediation:           ``,
-		BestPracticeReference: bestPracticeDocV1dot3URL + " Section 6.2",
+			`verifies whether, if available, service mesh is actually being used by the CNF pods`),
+		Remediation:           `Make sure all the CNF pods are using service mesh if the cluster provides it.`,
+		BestPracticeReference: bestPracticeDocV1dot3URL + " Section 5.2",
 	},
 	TestScalingIdentifier: {
 		Identifier: TestScalingIdentifier,
diff --git a/cnf-certification-test/platform/suite.go b/cnf-certification-test/platform/suite.go
index 1f4b86928..b97b0b458 100644
--- a/cnf-certification-test/platform/suite.go
+++ b/cnf-certification-test/platform/suite.go
@@ -43,7 +43,7 @@ import (
 )
 
 const (
-	istio = "istio-proxy"
+	istioContainerName = "istio-proxy"
 )
 
 //
@@ -121,7 +121,7 @@ var _ = ginkgo.Describe(common.PlatformAlterationTestKey, func() {
 
 	testID = identifiers.XformToGinkgoItIdentifier(identifiers.TestServiceMeshIdentifier)
 	ginkgo.It(testID, ginkgo.Label(testID), func() {
-		testhelper.SkipIfEmptyAny(ginkgo.Skip, env.DebugPods)
+		testhelper.SkipIfEmptyAny(ginkgo.Skip, env.Pods)
 		TestServiceMesh(&env)
 	})
 
@@ -137,21 +137,28 @@ func TestServiceMesh(env *provider.TestEnvironment) {
 	// check if istio is installed
 	if !env.IstioServiceMesh {
 		tnf.ClaimFilePrintf("Istio is not installed")
-		return
+		ginkgo.Skip("No service mesh detected.")
 	}
 	tnf.ClaimFilePrintf("Istio is installed")
 
 	var badPods []string
 	for _, put := range env.Pods {
+		istioProxyFound := false
 		for _, cut := range put.Containers {
-			if cut.Status.Name == istio {
-				tnf.ClaimFilePrintf("For pods %s ,ns %s have service mesh", cut.Podname, cut.Namespace)
-			} else {
-				badPods = append(badPods, "pod "+cut.Podname+" ,ns "+cut.Namespace+" do not have service mesh")
+			if cut.Status.Name == istioContainerName {
+				tnf.ClaimFilePrintf("Istio proxy container found on %s", put)
+				istioProxyFound = true
+				break
 			}
 		}
+		if !istioProxyFound {
+			badPods = append(badPods, put.String())
+		}
+	}
+	if n := len(badPods); n > 0 {
+		tnf.ClaimFilePrintf("Pods not using service mesh: %v", badPods)
+		ginkgo.Fail(fmt.Sprintf("Found %d pods that do not use service mesh.", n))
 	}
-	logrus.Println("bad pods ", badPods)
 }
 
 // testContainersFsDiff test that all CUT didn't install new packages are starting
diff --git a/pkg/autodiscover/autodiscover.go b/pkg/autodiscover/autodiscover.go
index 15b3aea7d..bb360275a 100644
--- a/pkg/autodiscover/autodiscover.go
+++ b/pkg/autodiscover/autodiscover.go
@@ -117,7 +117,7 @@ func DoAutoDiscover() DiscoveredTestData {
 	if err != nil {
 		logrus.Fatalln("Cannot get the K8s version")
 	}
-	data.Istio = findnamespace(oc.K8sClient.CoreV1())
+	data.Istio = findIstioNamespace(oc.K8sClient.CoreV1())
 
 	// Find the status of the OCP version (pre-ga, end-of-life, maintenance, or generally available)
 	data.OCPStatus = compatibility.DetermineOCPStatus(openshiftVersion, time.Now())
diff --git a/pkg/autodiscover/autodiscover_operators.go b/pkg/autodiscover/autodiscover_operators.go
index 2e8eabdeb..e55f67c49 100644
--- a/pkg/autodiscover/autodiscover_operators.go
+++ b/pkg/autodiscover/autodiscover_operators.go
@@ -31,16 +31,17 @@ import (
 )
 
 const (
-	istio = "istio-system"
+	istioNamespace = "istio-system"
 )
 
-func findnamespace(oc corev1client.CoreV1Interface) bool {
+func findIstioNamespace(oc corev1client.CoreV1Interface) bool {
 	nsList, err := oc.Namespaces().List(context.TODO(), metav1.ListOptions{})
 	if err != nil {
 		logrus.Errorln("Error when listing", "err: ", err)
+		return false
 	}
 	for index := range nsList.Items {
-		if nsList.Items[index].ObjectMeta.Name == istio {
+		if nsList.Items[index].ObjectMeta.Name == istioNamespace {
 			return true
 		}
 	}