Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(tests): add filters for state machine proptests #7148

Draft
wants to merge 27 commits into
base: main
Choose a base branch
from

Conversation

conectado
Copy link
Contributor

@conectado conectado commented Oct 24, 2024

WIP

Tests are working right now but it needs a bit of polish

Fixes #7126

Copy link

vercel bot commented Oct 24, 2024

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
firezone ✅ Ready (Inspect) Visit Preview 💬 Add feedback Oct 30, 2024 6:16pm

@conectado
Copy link
Contributor Author

I wonder if with this tests I should just remove the old tests for filters, I think these should cover everything?

Though maybe when introducing the new resource selection algorithm this might get too complex with the whole range of filters.

What do you think @thomaseizinger

Copy link
Member

@thomaseizinger thomaseizinger left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Direction looks good! A few comments regarding the new portal resource types.

For some reason, I thought correctly modelling the filters will be much trickier but it seems to be pretty easy? If this is all we need then I am in favor of deleting the other tests. We should try and get some kind of coverage though to ensure we are actually also sending packets that do make it through the filters.

.boxed()
use crate::messages::gateway::{Filter, Filters, PortRange};

/// Full model of a resource, ressembling what the portal stores, proyections of this are sent to the client and gateways
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
/// Full model of a resource, ressembling what the portal stores, proyections of this are sent to the client and gateways
/// Full model of a resource, resembling what the portal stores, projections of this are sent to the client and gateways

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Similar typos further down too.


/// Full model of a resource, ressembling what the portal stores, proyections of this are sent to the client and gateways
#[derive(Debug, Clone)]
pub(crate) enum PortalResource {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we move this to the stub_portal module and just call the enum Resource and the use if with the qualified module name?

}

c.sut.add_resource(resource);
c.sut.add_resource(ResourceDescription::from(resource));
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why are we converting to the message type here and not directly into client::Resource? If you implement the right trait, you can even pass it directly.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IMO the ResourceDescription types are only for deserialising from JSON. These tests never deserialise from JSON so they should never need to use these types :)

@@ -265,6 +291,32 @@ where
})
}

fn port_from_resource(
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The idea here is to more often pick ports within the allowed range, otherwise allowed packets w/o internet resource(which in the future shouldn't even happen) would be too sparse

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we add some coverage logs to the gateway perhaps?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added some coverage for blocked packets here I'll add something for passing packets.

@conectado
Copy link
Contributor Author

Finally tests with 10000 proptest cases are passing!

Needs a bit of polish but will be open for review soon,

Hardest issue was that we need to precisely track what resources the gateway knows at the time each packet is processed to determine what filters are applied.

Will get way easier with #4789 and packet buffering

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Test filters within tunnel state machine proptests
2 participants