Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integration tests for testnet.polykey.io #441

Merged
merged 2 commits into from
Oct 27, 2022
Merged

Integration tests for testnet.polykey.io #441

merged 2 commits into from
Oct 27, 2022

Conversation

emmacasolin
Copy link
Contributor

@emmacasolin emmacasolin commented Aug 11, 2022
edited by tegefaulkes
Loading

Description

Adding a suite of integration tests for interacting with a deployed agent at testnet.polykey.io. These will go under tests/integration/testnet.

Issues Fixed

Tasks

Required tests:

  • Connecting to testnet.polykey.io seed node (by setting as seed node during pk agent start)
  • [ ] Verification of seed node in local keynode's NodeGraph (pk nodes getall)
  • [ ] Sending notification to seed node (expect failure because no trust established, but this shouldn't show up locally)
  • [ ] Establishing trust of seed node with local keynode (pk identities trust)
  • [ ] Verifying node has been added to seed node's gestalt graph after trust has been established (pk identities get/list)
  • [ ] Sending notification to seed node, and verifying seed node received (will need to connect to testnet and run pk notifications read)
  • Pinging the seed node
  • Pinging another node through the seed node

Final checklist

  • Domain specific tests
  • Full tests
  • Updated inline-comment documentation
  • Lint fixed
  • Squash and rebased
  • Sanity check the final build

@emmacasolin emmacasolin added the development Standard development label Aug 11, 2022
@emmacasolin emmacasolin self-assigned this Aug 11, 2022
@ghost
Copy link

ghost commented Aug 11, 2022
edited by ghost
Loading

👇 Click on the image for a new way to code review

  • Make big changes easier — review code in small groups of related files

  • Know where to start — see the whole change at a glance

  • Take a code tour — explore the change with an interactive tour

  • Make comments and review — all fully sync’ed with github

    Try it now!

Review these changes using an interactive CodeSee Map

Legend

CodeSee Map Legend

@emmacasolin emmacasolin mentioned this pull request Aug 11, 2022
Closed
11 tasks
@CMCDragonkai
Copy link
Member

Ok so these will be the first directory grouped integration tests with respect to #435. So far you don't need to "reuse" any tests from tests/nat right as #435 isn't done yet.

@emmacasolin
Copy link
Contributor Author

How should the testnet be specified as a seed node in these tests? Using --network=testnet isn't working for me, and specifying the deployed nodes individually using --seed-nodes would be too brittle since the deployed agents change relatively frequently.

@emmacasolin
Copy link
Contributor Author

One problem with our testnet NAT tests is that the testnet needs to coordinate signalling between two network namespaces running on a single real machine. This essentially becomes a double NAT.

                                           Testnet
                                      ┌───────────────┐
                                      │               │
                                      │ ┌───────────┐ │
                                      │ │ SeedNode  │ │
                                      │ └───────────┘ │
                                      │   HOST:PORT   │
                                      │               │
                                      └───────────────┘

    Real Computer
┌──────────────────────────────────────────────────────────────────────────────────────────┐
│                                                                                          │
│                                       ┌──────────┐                                       │
│                                       │ Real NAT │                                       │
│                                       └──────────┘                                       │
│                                                                                          │
│  ┌────────────────────────────────────────────────────────────────────────────────────┐  │
│  │                                                                                    │  │
│  │               Namespace1                                  Namespace2               │  │
│  │ ┌────────────────────────────────────┐      ┌────────────────────────────────────┐ │  │
│  │ │                                    │      │                                    │ │  │
│  │ │   ┌────────┐        ┌─────────┐    │      │    ┌─────────┐        ┌────────┐   │ │  │
│  │ │   │ Agent1 ├────────┤ Router1 │    │      │    │ Router2 ├────────┤ Agent2 │   │ │  │
│  │ │   └────────┘        └─────────┘    │      │    └─────────┘        └────────┘   │ │  │
│  │ │ 10.0.0.2:55551   192.168.0.1:55555 │      │ 192.168.0.2:55555   10.0.0.2:55552 │ │  │
│  │ │                                    │      │                                    │ │  │
│  │ └────────────────────────────────────┘      └────────────────────────────────────┘ │  │
│  │                                                                                    │  │
│  └────────────────────────────────────────────────────────────────────────────────────┘  │
│                                                                                          │
│                                                                                          │
└──────────────────────────────────────────────────────────────────────────────────────────┘

The two namespaces each have their own IPs, but the real computer only has one. We need a way for the namespaces to communicate with eachother through this virtual NAT, keeping in mind that this communication may be intercepted by the real system's NAT.

There are two solutions I can think of here.

  1. Create additional iptables rules on the network namespaces, something like a DNAT rule, to modify packets in some way to allow them to reach their destination (the other namespace). This could get confusing though.
  2. It may be possible to get around this by creating direct veth links between the real computer and namespaces to aid with packet forwarding, but I'm not sure if this would work. Note that something like this would be required anyway for any agent inside a namespace to communicate with the testnet, since network namespaces are not automatically linked to the real network (and consequently the internet).

@CMCDragonkai
Copy link
Member

How should the testnet be specified as a seed node in these tests? Using --network=testnet isn't working for me, and specifying the deployed nodes individually using --seed-nodes would be too brittle since the deployed agents change relatively frequently.

We will need to solve this in #403 and #285.

@CMCDragonkai CMCDragonkai mentioned this pull request Sep 8, 2022
Merged
15 tasks
@CMCDragonkai
Copy link
Member

This will rebase on top of #445 and will be next.

@CMCDragonkai
Copy link
Member

Assuming all bugs are fixed.

@CMCDragonkai CMCDragonkai mentioned this pull request Sep 26, 2022
Merged
@CMCDragonkai
Copy link
Member

CMCDragonkai commented Sep 26, 2022
edited
Loading

@tegefaulkes can you put up the list here in the PR description about all the tests that been disabled due to getting staging passing (from #411).

In this PR we will re-enable all of those tests, but after fixing everything.

@tegefaulkes
Copy link
Contributor

Maybe they should be re-enabled in the PRs addressing the issues we disabled them for?

This was referenced May 15, 2023
Closed
Closed
@tegefaulkes
Copy link
Contributor

I've re-based on staging.

CMCDragonkai
CMCDragonkai reviewed Oct 26, 2022
View reviewed changes
tests/integration/testnet/testnetNAT.test.ts Outdated
Comment on lines 21 to 46
test.todo('EIM to testnet.polykey.io', async () => {
// Local agent behind EIM NAT can ping testnet.polykey.io
});
test.todo('EDM to testnet.polykey.io', async () => {
// Local agent behind EDM NAT can ping testnet.polykey.io
});
test.todo('DMZ to EIM via testnet.polykey.io', async () => {
// Local agent behind DMZ can ping local agent behind EIM NAT using seed
// node signaller (and can ping back)
});
test.todo('DMZ to EDM via testnet.polykey.io', async () => {
// Local agent behind DMZ cannot ping local agent behind EDM NAT using seed
// node signaller (but can using relay) (and can ping back)
});
test.todo('EIM to EIM via testnet.polykey.io', async () => {
// Local agent behind EIM can ping local agent behind EIM NAT using seed
// node signaller (and can ping back)
});
test.todo('EIM to EDM via testnet.polykey.io', async () => {
// Local agent behind EIM cannot ping local agent behind EDM NAT using seed
// node signaller (but can using relay) (and can ping back)
});
test.todo('EDM to EDM via testnet.polykey.io', async () => {
// Local agent behind EDM cannot ping local agent behind EDM NAT using seed
// node signaller (but can using relay) (and can ping back)
});
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These tests would all be moved to a sort of Polykey-Simulation repository. As we cannot control the firewall and NAT situation of the test runner in these unit tests.

@CMCDragonkai
Copy link
Member

Remember to extract out the tests that will go into a simulation suite, and then tick off the tasks above too (and cross out ones that will be punted to the simulation suite).

tegefaulkes added a commit that referenced this pull request Oct 27, 2022
@tegefaulkes
removed stubs from #441
6a2da5e
@tegefaulkes
Copy link
Contributor

  • I changed Integration Tests for testnet.polykey.com Polykey-CLI#71 to related since we want to merge this early and that's still being worked on.
  • The stub tests have been moved to a new branch called old_441_code.
  • This PR has been reduced to 2 tests, One for a local node to connect to and ping a seed node. The other has two nodes connect to the seed node and ping each other.

@CMCDragonkai
Copy link
Member

Don't keep it in a separate branch. We often delete branches for pruning and we may lose that code. It's better to archive that, or create a new repo just for that. Let's put it into this repo https://gitlab.com/MatrixAI/Engineering/Polykey/Polykey-Simulation.

@CMCDragonkai
Copy link
Member

Also copy any of the remaining tasks into the README:

[ ] Verification of seed node in local keynode's NodeGraph (pk nodes getall)
[ ] Sending notification to seed node (expect failure because no trust established, but this shouldn't show up locally)
[ ] Establishing trust of seed node with local keynode (pk identities trust)
[ ] Verifying node has been added to seed node's gestalt graph after trust has been established (pk identities get/list)
[ ] Sending notification to seed node, and verifying seed node received (will need to connect to testnet and run pk notifications read)

@tegefaulkes tegefaulkes marked this pull request as ready for review October 27, 2022 06:38
@tegefaulkes tegefaulkes merged commit bb9f39b into staging Oct 27, 2022
@tegefaulkes
Copy link
Contributor

I moved it to the Polykey-Simulation gitlab repo

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@CMCDragonkai CMCDragonkai CMCDragonkai left review comments

Assignees

@tegefaulkes tegefaulkes

Labels
development Standard development
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add diagrams to NAT Traversal tests
3 participants
@emmacasolin @CMCDragonkai @tegefaulkes