tests/network-ovn: ignore empty ACL logs if not using deb

canonical/lxd#14327 is needed to get access to MicroOVN logs. Signed-off-by: Simon Deziel <[email protected]>
simondeziel · Dec 12, 2024 · 5b89e3f · 5b89e3f
1 parent 5e309be
commit 5b89e3f
Showing 1 changed file with 36 additions and 34 deletions.
diff --git a/tests/network-ovn b/tests/network-ovn
@@ -1408,43 +1408,45 @@ ovn_peering_tests() {
     lxc exec ovn2 -T -n --project=ovn2 -- ping -nc1 -6 -w5 "${ovn1NICIPv6}"
 
     echo "==> Check that acl rule for ovn ingress has all the expected values"
-    ovn_logs="$(lxc network acl show-log ovn1 --project=ovn1)"
-
-    # XXX: unable to get logs from old OVN .deb from 20.04
-    if [ -z "${ovn_logs}" ]; then
-        . /etc/os-release
-        if [ "${VERSION_ID}" = "20.04" ]; then
-            echo "Ignoring network acl show-log not working on ${VERSION_ID}"
-        else
-            false
+    if [ "${OVN_SOURCE:-latest/edge}" = "deb" ]; then
+      ovn_logs="$(lxc network acl show-log ovn1 --project=ovn1)"
+
+      # XXX: unable to get logs from old OVN .deb from 20.04
+      if [ -z "${ovn_logs}" ]; then
+          . /etc/os-release
+          if [ "${VERSION_ID}" = "20.04" ]; then
+              echo "Ignoring network acl show-log not working on ${VERSION_ID}"
+          else
+              false
+          fi
+      fi
+
+      echo "${ovn_logs}" | while IFS= read -r logline; do
+        proto=$(echo "$logline" | jq -r '.proto')
+        src=$(echo "$logline" | jq -r '.src')
+        dst=$(echo "$logline" | jq -r '.dst')
+        icmp_type=$(echo "$logline" | jq -r '.icmp_type')
+        icmp_code=$(echo "$logline" | jq -r '.icmp_code')
+        action=$(echo "$logline" | jq -r '.action')
+
+        [ "$action" = "allow" ]
+
+        if [ "$proto" = "icmp" ]; then
+          echo "==> IPv4 ping from ovn2 to ovn1 allowed"
+          [ "$src" = "${ovn2NICIPv4}" ]
+          [ "$dst" = "${ovn1NICIPv4}" ]
+          [ "$icmp_type" = "8" ]
+          [ "$icmp_code" = "0" ]
+        elif [ "$proto" = "icmp6" ]; then
+          echo "==> IPv6 ping from ovn2 to ovn1 allowed"
+          [ "$src" = "${ovn2NICIPv6}" ]
+          [ "$dst" = "${ovn1NICIPv6}" ]
+          [ "$icmp_type" = "128" ]
+          [ "$icmp_code" = "0" ]
         fi
+      done
     fi
 
-    echo "${ovn_logs}" | while IFS= read -r logline; do
-      proto=$(echo "$logline" | jq -r '.proto')
-      src=$(echo "$logline" | jq -r '.src')
-      dst=$(echo "$logline" | jq -r '.dst')
-      icmp_type=$(echo "$logline" | jq -r '.icmp_type')
-      icmp_code=$(echo "$logline" | jq -r '.icmp_code')
-      action=$(echo "$logline" | jq -r '.action')
-
-      [ "$action" = "allow" ]
-
-      if [ "$proto" = "icmp" ]; then
-        echo "==> IPv4 ping from ovn2 to ovn1 allowed"
-        [ "$src" = "${ovn2NICIPv4}" ]
-        [ "$dst" = "${ovn1NICIPv4}" ]
-        [ "$icmp_type" = "8" ]
-        [ "$icmp_code" = "0" ]
-      elif [ "$proto" = "icmp6" ]; then
-        echo "==> IPv6 ping from ovn2 to ovn1 allowed"
-        [ "$src" = "${ovn2NICIPv6}" ]
-        [ "$dst" = "${ovn1NICIPv6}" ]
-        [ "$icmp_type" = "128" ]
-        [ "$icmp_code" = "0" ]
-      fi
-    done
-
     echo "==> Check cannot add an ACL to a network NIC that references a peer connection from another network"
     lxc network create ovn1b --type=ovn network=lxdbr0 --project=ovn1
     ! lxc network set ovn1b security.acls=ovn1 --project=ovn1 || false