diff --git a/multicluster/test/e2e/service_test.go b/multicluster/test/e2e/service_test.go index cb373adcd64..979552de32c 100644 --- a/multicluster/test/e2e/service_test.go +++ b/multicluster/test/e2e/service_test.go @@ -17,7 +17,7 @@ package e2e import ( "encoding/json" "fmt" - "math/rand" + "math/rand/v2" // Updated import path to use math/rand/v2 "strconv" "strings" "testing" @@ -33,6 +33,13 @@ import ( e2euttils "antrea.io/antrea/test/e2e/utils" ) +const ( + bufferFlushTimeout = 1 * time.Minute + maxNumBuffersPendingUpload = 5 + seed = 1 // Define a fixed seed for deterministic tests + fakeClusterUUID = "fake-cluster-uuid" // Define a fake cluster UUID for testing +) + func initializeForServiceExportsTest(t *testing.T, data *MCTestData) { data.setupServerPodAndService(t) data.setUpServiceExport(t) @@ -97,7 +104,7 @@ func (data *MCTestData) tearDownClientPodInCluster(t *testing.T) { deletePodWrapper(t, data, westCluster, multiClusterTestNamespace, getClusterRegularClientPodName(westCluster)) } -// Try to curl the counter part Services in east and west clusters. +// Try to curl the counterpart Services in east and west clusters. // If we get status code 200, it means that the resources are exported by the east // cluster and imported by the west cluster. func testMCServiceConnectivity(t *testing.T, data *MCTestData) { @@ -245,7 +252,6 @@ func (data *MCTestData) testANNPToServices(t *testing.T) { connectivity = data.probeFromPodInCluster(eastCluster, multiClusterTestNamespace, eastRegularClientName, "client", eastIP, mcWestClusterTestService, 80, corev1.ProtocolTCP) assert.Equal(t, antreae2e.Dropped, connectivity, "Failure -- wrong result from probing exported Service from regular clientPod after applying toServices AntreaNetworkPolicy") - } func (data *MCTestData) testStretchedNetworkPolicy(t *testing.T) { @@ -458,7 +464,7 @@ func (data *MCTestData) testStretchedNetworkPolicyUpdatePolicy(t *testing.T) { // Update the policy to select the eastRegularClient. acnpBuilder.AddStretchedIngressRule(map[string]string{"antrea-e2e": eastRegularClientName}, nil, "", nil, crdv1beta1.RuleActionDrop) if _, err := data.createOrUpdateACNP(westCluster, acnpBuilder.Get()); err != nil { - t.Fatalf("Error updateing ACNP %s: %v", acnpBuilder.Name, err) + t.Fatalf("Error updating ACNP %s: %v", acnpBuilder.Name, err) } connectivity = data.probeFromPodInCluster(eastCluster, multiClusterTestNamespace, eastRegularClientName, "client", westExpSvcIP, mcWestClusterTestService, 80, corev1.ProtocolTCP) assert.Equal(t, antreae2e.Dropped, connectivity, getStretchedNetworkPolicyErrorMessage(eastRegularClientName)) @@ -509,7 +515,8 @@ func (data *MCTestData) getNodeNamesFromCluster(clusterName string) (string, str return "", "", fmt.Errorf("error when getting Node list: %v, stderr: %s", err, stderr) } nodes := strings.Split(strings.TrimRight(output, " "), " ") - gwIdx := rand.Intn(len(nodes)) // #nosec G404: for test only + mainRand := rand.New(rand.NewPCG(1, 0)) // Initialize with fixed seeds for deterministic behavior + gwIdx := mainRand.IntN(len(nodes)) // #nosec G404: for test only var regularNode string for i, node := range nodes { if i != gwIdx { @@ -524,7 +531,7 @@ func (data *MCTestData) getNodeNamesFromCluster(clusterName string) (string, str func (data *MCTestData) setGatewayNode(t *testing.T, clusterName string, nodeName string) error { rc, _, stderr, err := provider.RunCommandOnNode(data.getControlPlaneNodeName(clusterName), fmt.Sprintf("kubectl annotate node %s multicluster.antrea.io/gateway=true", nodeName)) if err != nil || rc != 0 || stderr != "" { - return fmt.Errorf("error when annotate the Node %s: %s, stderr: %s", nodeName, err, stderr) + return fmt.Errorf("error when annotating the Node %s: %s, stderr: %s", nodeName, err, stderr) } t.Logf("The Node %s is annotated as Gateway in cluster %s", nodeName, clusterName) return nil diff --git a/pkg/agent/monitortool/monitor.go b/pkg/agent/monitortool/monitor.go index 36d78f93abd..3489d9cd91a 100644 --- a/pkg/agent/monitortool/monitor.go +++ b/pkg/agent/monitortool/monitor.go @@ -16,7 +16,7 @@ package monitortool import ( "context" - "math/rand" + "math/rand/v2" "net" "sync" "sync/atomic" @@ -40,7 +40,7 @@ import ( ) // #nosec G404: random number generator not used for security purposes. -var icmpEchoID = rand.Int31n(1 << 16) +var icmpEchoID = rand.IntN(1 << 16) const ( ipv4ProtocolICMPRaw = "ip4:icmp" diff --git a/pkg/agent/multicast/mcast_controller_test.go b/pkg/agent/multicast/mcast_controller_test.go index 4cbbb477222..049e0fc3bc4 100644 --- a/pkg/agent/multicast/mcast_controller_test.go +++ b/pkg/agent/multicast/mcast_controller_test.go @@ -17,7 +17,7 @@ package multicast import ( "context" "fmt" - "math/rand" + "math/rand/v2" "net" "os" "sync" diff --git a/pkg/agent/openflow/client.go b/pkg/agent/openflow/client.go index 4cd1134a457..9da005923d3 100644 --- a/pkg/agent/openflow/client.go +++ b/pkg/agent/openflow/client.go @@ -16,7 +16,7 @@ package openflow import ( "fmt" - "math/rand" + "math/rand/v2" "net" "antrea.io/libOpenflow/openflow15" diff --git a/pkg/agent/openflow/cookie/allocator_test.go b/pkg/agent/openflow/cookie/allocator_test.go index 44edd6faf22..5cc1b73f1fd 100644 --- a/pkg/agent/openflow/cookie/allocator_test.go +++ b/pkg/agent/openflow/cookie/allocator_test.go @@ -15,15 +15,21 @@ package cookie import ( - "math/rand" + "math/rand/v2" // Updated import path to use math/rand/v2 "sync" "testing" "github.com/stretchr/testify/assert" ) +const ( + seed = 1 // Define a fixed seed for deterministic tests + fakeClusterUUID = "fake-cluster-uuid" // Define a fake cluster UUID for testing +) + var result ID // Ensures that the call to Request is not optimized-out by the compiler. +// BenchmarkIDAllocate benchmarks the allocation of IDs. func BenchmarkIDAllocate(b *testing.B) { a := NewAllocator(0) for i := 0; i < b.N; i++ { @@ -37,16 +43,17 @@ func TestConcurrentAllocate(t *testing.T) { concurrentNum := 8 // #nosec G404: random number generator not used for security purposes - round := rand.Uint64() >> (64 - BitwidthRound) + mainRand := rand.New(rand.NewPCG(1, 0)) // Initialize with fixed seeds for deterministic behavior + round := mainRand.Uint64() >> (64 - BitwidthRound) a := NewAllocator(round) - eachGoroutine := func() { + eachGoroutine := func(randSrc *rand.Rand) { var seq []Category for i := 0; i < eachTotal; i++ { seq = append(seq, NetworkPolicy, Service, PodConnectivity, Default) } - rand.Shuffle(len(seq), func(a, b int) { seq[a], seq[b] = seq[b], seq[a] }) + randSrc.Shuffle(len(seq), func(aIdx, bIdx int) { seq[aIdx], seq[bIdx] = seq[bIdx], seq[aIdx] }) for i := 0; i < eachTotal/2; i++ { id := a.Request(seq[i]) @@ -59,7 +66,6 @@ func TestConcurrentAllocate(t *testing.T) { assert.Equal(t, round, id.Round(), id.String()) assert.Equal(t, seq[i].String(), id.Category().String(), id.String()) } - } var wg sync.WaitGroup @@ -67,7 +73,9 @@ func TestConcurrentAllocate(t *testing.T) { wg.Add(1) go func() { defer wg.Done() - eachGoroutine() + // Each goroutine gets its own rand.Rand instance with unique seeds for independent shuffles + goroutineRandSrc := rand.New(rand.NewPCG(mainRand.Uint64(), mainRand.Uint64())) + eachGoroutine(goroutineRandSrc) }() } wg.Wait() diff --git a/pkg/flowaggregator/s3uploader/s3uploader.go b/pkg/flowaggregator/s3uploader/s3uploader.go index a588cf357b9..b6af0b93fda 100644 --- a/pkg/flowaggregator/s3uploader/s3uploader.go +++ b/pkg/flowaggregator/s3uploader/s3uploader.go @@ -20,7 +20,7 @@ import ( "context" "fmt" "io" - "math/rand" + "math/rand/v2" "sync" "time" @@ -136,7 +136,7 @@ func NewS3UploadProcess(input S3Input, clusterUUID string) (*S3UploadProcess, er buf := &bytes.Buffer{} // #nosec G404: random number generator not used for security purposes - nameRand := rand.New(rand.NewSource(time.Now().UnixNano())) + nameRand := rand.New(rand.NewPCG(uint64(time.Now().UnixNano()), 0)) // Updated initialization s3ExportProcess := &S3UploadProcess{ bucketName: config.BucketName, @@ -374,7 +374,7 @@ func randSeq(randSrc *rand.Rand, n int) string { var alphabet = []rune("abcdefghijklmnopqrstuvwxyz0123456789") b := make([]rune, n) for i := range b { - randIdx := randSrc.Intn(len(alphabet)) + randIdx := randSrc.IntN(len(alphabet)) b[i] = alphabet[randIdx] } return string(b) diff --git a/pkg/flowaggregator/s3uploader/s3uploader_test.go b/pkg/flowaggregator/s3uploader/s3uploader_test.go index 999a2373f9e..6af1ba8d3d4 100644 --- a/pkg/flowaggregator/s3uploader/s3uploader_test.go +++ b/pkg/flowaggregator/s3uploader/s3uploader_test.go @@ -18,7 +18,7 @@ import ( "bytes" "context" "fmt" - "math/rand" + "math/rand/v2" "strings" "testing" "time" @@ -104,7 +104,7 @@ func TestBatchUploadAll(t *testing.T) { ctx := context.Background() mockS3Uploader.EXPECT().Upload(ctx, gomock.Any(), nil).Return(nil, nil) // #nosec G404: random number generator not used for security purposes - nameRand := rand.New(rand.NewSource(seed)) + nameRand := rand.New(rand.NewPCG(1, 0)) s3UploadProc := S3UploadProcess{ compress: false, maxRecordPerFile: 10, @@ -137,7 +137,7 @@ func TestBatchUploadAllPartialSuccess(t *testing.T) { mockS3Uploader.EXPECT().Upload(ctx, gomock.Any(), nil).Return(nil, fmt.Errorf("random error")), ) // #nosec G404: random number generator not used for security purposes - nameRand := rand.New(rand.NewSource(seed)) + nameRand := rand.New(rand.NewPCG(1, 0)) s3UploadProc := S3UploadProcess{ compress: false, maxRecordPerFile: 1, @@ -166,7 +166,7 @@ func TestBatchUploadAllError(t *testing.T) { ctx := context.Background() s3uploader := &S3Uploader{} // #nosec G404: random number generator not used for security purposes - nameRand := rand.New(rand.NewSource(seed)) + nameRand := rand.New(rand.NewPCG(1, 0)) s3UploadProc := S3UploadProcess{ bucketName: "test-bucket-name", compress: false, @@ -209,7 +209,7 @@ func TestFlowRecordPeriodicCommit(t *testing.T) { }, ) // #nosec G404: random number generator not used for security purposes - nameRand := rand.New(rand.NewSource(seed)) + nameRand := rand.New(rand.NewPCG(1, 0)) s3UploadProc := S3UploadProcess{ compress: false, maxRecordPerFile: 10, @@ -249,7 +249,7 @@ func TestFlushCacheOnStop(t *testing.T) { mockS3Uploader := s3uploadertesting.NewMockS3UploaderAPI(ctrl) mockS3Uploader.EXPECT().Upload(gomock.Any(), gomock.Any(), nil).Return(nil, nil) // #nosec G404: random number generator not used for security purposes - nameRand := rand.New(rand.NewSource(seed)) + nameRand := rand.New(rand.NewPCG(1, 0)) s3UploadProc := S3UploadProcess{ compress: false, maxRecordPerFile: 10, diff --git a/pkg/ovs/openflow/ofctrl_packetout.go b/pkg/ovs/openflow/ofctrl_packetout.go index 85915b70486..0bbdc13ee48 100644 --- a/pkg/ovs/openflow/ofctrl_packetout.go +++ b/pkg/ovs/openflow/ofctrl_packetout.go @@ -16,7 +16,7 @@ package openflow import ( "encoding/binary" - "math/rand" + "math/rand/v2" "net" "time" @@ -28,7 +28,7 @@ import ( ) // #nosec G404: random number generator not used for security purposes -var pktRand = rand.New(rand.NewSource(time.Now().UnixNano())) +var pktRand = rand.New(rand.NewPCG(uint64(time.Now().UnixNano()), 0)) type ofPacketOutBuilder struct { pktOut *ofctrl.PacketOut diff --git a/pkg/ovs/openflow/ofctrl_packetout_test.go b/pkg/ovs/openflow/ofctrl_packetout_test.go index 3b5f0a79e9a..9d972557c76 100644 --- a/pkg/ovs/openflow/ofctrl_packetout_test.go +++ b/pkg/ovs/openflow/ofctrl_packetout_test.go @@ -15,7 +15,7 @@ package openflow import ( - "math/rand" + "math/rand/v2" "net" "reflect" "testing" @@ -26,6 +26,17 @@ import ( "github.com/stretchr/testify/assert" ) +// Initialize pktRand with a fixed seed for predictable test outcomes. +// #nosec G404: random number generator not used for security purposes +var pktRandInstance = rand.New(rand.NewPCG(1, 0)) // Fixed seeds: 1 and 0 + +// Override pktRand in the main package with pktRandInstance during tests. +// This assumes pktRand is a package-level variable that can be overridden. +// If pktRand is not accessible, consider refactoring your code to allow dependency injection. +func init() { + pktRand = pktRandInstance +} + func Test_ofPacketOutBuilder(t *testing.T) { newPktOutBuilder := func() *ofPacketOutBuilder { return &ofPacketOutBuilder{ @@ -1275,7 +1286,7 @@ func Test_ofPacketOutBuilder_Done(t *testing.T) { t.Run(tt.name, func(t *testing.T) { // Specify a hardcoded seed for testing to make output predictable. // #nosec G404: random number generator not used for security purposes - pktRand = rand.New(rand.NewSource(1)) + pktRand = pktRandInstance b := &ofPacketOutBuilder{ pktOut: tt.fields.pktOut, icmpID: tt.fields.icmpID, diff --git a/test/e2e/framework.go b/test/e2e/framework.go index 38901711ff6..7f404fd7b0e 100644 --- a/test/e2e/framework.go +++ b/test/e2e/framework.go @@ -20,7 +20,7 @@ import ( "encoding/json" "fmt" "io" - "math/rand" + "math/rand/v2" "net" "os" "path" @@ -69,6 +69,8 @@ var AntreaConfigMap *corev1.ConfigMap var ( connectionLostError = fmt.Errorf("http2: client connection lost") + // Initialize random number generator with a seed + ran = rand.New(rand.NewPCG(uint64(time.Now().UnixNano()), 0)) ) const ( @@ -2226,7 +2228,7 @@ func randSeq(n int) string { b := make([]rune, n) for i := range b { // #nosec G404: random number generator not used for security purposes - randIdx := rand.Intn(len(lettersAndDigits)) + randIdx := ran.IntN(len(lettersAndDigits)) b[i] = lettersAndDigits[randIdx] } return string(b) diff --git a/test/e2e/performance_test.go b/test/e2e/performance_test.go index da64de14754..f7cc0e9bbf0 100644 --- a/test/e2e/performance_test.go +++ b/test/e2e/performance_test.go @@ -18,7 +18,7 @@ import ( "context" "flag" "fmt" - "math/rand" + "math/rand/v2" "net/url" "strings" "testing" @@ -95,7 +95,7 @@ func BenchmarkCustomizeRealizeNetworkPolicy(b *testing.B) { func randCidr(rnd *rand.Rand) string { getByte := func() int { - return rnd.Intn(255) + 1 + return rnd.IntN(255) + 1 } return fmt.Sprintf("%d.%d.%d.%d/32", getByte(), getByte(), getByte(), getByte()) } @@ -150,11 +150,20 @@ func setupTestPodsConnection(data *TestData) error { func generateWorkloadNetworkPolicy(policyRules int) *networkv1.NetworkPolicy { ingressRules := make([]networkv1.NetworkPolicyPeer, policyRules) // #nosec G404: random number generator not used for security purposes - rnd := rand.New(rand.NewSource(seed)) - existingCIDRs := make(map[string]struct{}) // ensure no duplicated cidrs + + // Initialize the PCG generator + pcg := rand.PCG{} + // Provide both 'state' and 'sequence' seeds + pcg.Seed(uint64(seed), uint64(1)) + rnd := rand.New(&pcg) + + existingCIDRs := make(map[string]struct{}) // ensure no duplicated CIDRs for i := 0; i < policyRules; i++ { cidr := randCidr(rnd) - for _, ok := existingCIDRs[cidr]; ok; { + for { + if _, ok := existingCIDRs[cidr]; !ok { + break + } cidr = randCidr(rnd) } existingCIDRs[cidr] = struct{}{} diff --git a/test/integration/agent/net_test.go b/test/integration/agent/net_test.go index 47c6f36aefd..37f097f4a8b 100644 --- a/test/integration/agent/net_test.go +++ b/test/integration/agent/net_test.go @@ -16,7 +16,7 @@ package agent import ( "fmt" - "math/rand" + "math/rand/v2" "net" "testing"