Update network latency fault check (aws#4726)

Author: xxx0624

agent/vendor/github.com/aws/amazon-ecs-agent/ecs-agent/tmds/handlers/fault/v1/handlers/handlers.go

@@ -1376,6 +1376,7 @@ func (h *FaultHandler) startNetworkLatencyFaultForInterface(
 		field.CommandOutput:    string(cmdOutput[:]),
 		field.NetworkInterface: interfaceName,
 	})
+
 	tcAddQdiscLossCommandComposed := nsenterPrefix + fmt.Sprintf(
 		tcAddQdiscLatencyCommandString, interfaceName, delayInMs, jitterInMs)
 	cmdList = strings.Split(tcAddQdiscLossCommandComposed, " ")
@@ -1631,14 +1632,23 @@ func (h *FaultHandler) checkTCFaultForInterface(
 
 // checkLatencyFault parses the tc command output and checks if there's existing network-latency fault running.
 func checkLatencyFault(outputUnmarshalled []map[string]interface{}) (bool, error) {
+	packetLossFaultExist, err := checkPacketLossFault(outputUnmarshalled)
+	if err != nil {
+		return false, err
+	}
+
+	// Make sure no existing packet loss fault because only one tc fault is allowed.
+	if packetLossFaultExist {
+		return false, nil
+	}
+
 	for _, line := range outputUnmarshalled {
 		// Check if field "kind":"netem" exists.
 		if line["kind"] == "netem" {
-			// Now check if network packet loss fault exists.
 			if options := line["options"]; options != nil {
-				if delay := options.(map[string]interface{})["delay"]; delay != nil {
-					return true, nil
-				}
+				// We don't check the "delay" field in the output of "options" intentionally because
+				// it is not present if the delay is zero and the jitter is non-zero.
+				return true, nil
 			}
 		}
 	}

agent/vendor/github.com/aws/amazon-ecs-agent/ecs-agent/tmds/handlers/fault/v1/types/types.go

@@ -25,6 +25,7 @@ import (
 	"io"
 	"net/http"
 	"net/http/httptest"
+	"strings"
 	"testing"
 	"time"
 
@@ -62,10 +63,11 @@ const (
 	nspath             = "/some/path"
 	nspathHost         = "host"
 	// Fault injection tooling errors output
-	iptablesChainNotFoundError        = "iptables: Bad rule (does a matching rule exist in that chain?)."
-	tcLatencyFaultExistsCommandOutput = `[{"kind":"netem","handle":"10:","parent":"1:1","options":{"limit":1000,"delay":{"delay":123456789,"jitter":4567,"correlation":0},"ecn":false,"gap":0}}]`
-	tcLossFaultExistsCommandOutput    = `[{"kind":"netem","handle":"10:","dev":"eth0","parent":"1:1","options":{"limit":1000,"loss-random":{"loss":0.06,"correlation":0},"ecn":false,"gap":0}}]`
-	tcCommandEmptyOutput              = `[]`
+	iptablesChainNotFoundError                     = "iptables: Bad rule (does a matching rule exist in that chain?)."
+	tcLatencyFaultExistsCommandOutput              = `[{"kind":"netem","handle":"10:","parent":"1:1","options":{"limit":1000,"delay":{"delay":123456789,"jitter":4567,"correlation":0},"ecn":false,"gap":0}}]`
+	tcLatencyFaultWithZeroDelayExistsCommandOutput = `[{"kind":"netem","handle":"10:","parent":"1:1","options":{"limit":1000,"ecn":false,"gap":0}}]`
+	tcLossFaultExistsCommandOutput                 = `[{"kind":"netem","handle":"10:","dev":"eth0","parent":"1:1","options":{"limit":1000,"loss-random":{"loss":0.06,"correlation":0},"ecn":false,"gap":0}}]`
+	tcCommandEmptyOutput                           = `[]`
 	// Common Fault injection JSON responses
 	happyFaultRunningResponse    = `{"Status":"running"}`
 	happyFaultStoppedResponse    = `{"Status":"stopped"}`
@@ -234,6 +236,13 @@ var (
 		"SourcesToFilter":    ipSourcesToFilter,
 	}
 
+	happyNetworkLatencyReqBodyWithZeroDelay = map[string]interface{}{
+		"DelayMilliseconds":  0,
+		"JitterMilliseconds": jitterMilliseconds,
+		"Sources":            ipSources,
+		"SourcesToFilter":    ipSourcesToFilter,
+	}
+
 	happyNetworkPacketLossReqBody = map[string]interface{}{
 		"LossPercent":     lossPercent,
 		"Sources":         ipSources,
@@ -2175,6 +2184,39 @@ func generateStartNetworkLatencyTestCases() []networkFaultInjectionTestCase {
 			},
 			expectedResponseJSON: happyFaultRunningResponse,
 		},
+		{
+			name:                 "zero-delay",
+			expectedStatusCode:   200,
+			requestBody:          happyNetworkLatencyReqBodyWithZeroDelay,
+			expectedResponseBody: types.NewNetworkFaultInjectionSuccessResponse("running"),
+			setAgentStateExpectations: func(agentState *mock_state.MockAgentState, netConfigClient *netconfig.NetworkConfigClient) {
+				agentState.EXPECT().GetTaskMetadataWithTaskNetworkConfig(endpointId, netConfigClient).Return(happyTaskResponse, nil)
+			},
+			setExecExpectations: func(exec *mock_execwrapper.MockExec, ctrl *gomock.Controller) {
+				ctx, cancel := context.WithTimeout(context.Background(), ctxTimeoutDuration)
+				mockCMD := mock_execwrapper.NewMockCmd(ctrl)
+
+				commandList := strings.Split(
+					fmt.Sprintf("nsenter --net=/some/path "+tcAddQdiscLatencyCommandString, "eth0", 0, jitterMilliseconds),
+					" ")
+				gomock.InOrder(
+					exec.EXPECT().NewExecContextWithTimeout(gomock.Any(), gomock.Any()).Times(1).Return(ctx, cancel),
+					// Check existing fault
+					exec.EXPECT().CommandContext(gomock.Any(), gomock.Any(), gomock.Any()).Times(1).Return(mockCMD),
+					mockCMD.EXPECT().CombinedOutput().Times(1).Return([]byte(tcCommandEmptyOutput), nil),
+				)
+				// Add root handler
+				exec.EXPECT().CommandContext(gomock.Any(), gomock.Any(), gomock.Any()).Times(1).Return(mockCMD)
+				mockCMD.EXPECT().CombinedOutput().Times(1).Return([]byte(tcCommandEmptyOutput), nil)
+				// Add lantecy handler
+				exec.EXPECT().CommandContext(gomock.Any(), commandList[0], commandList[1:]).Times(1).Return(mockCMD)
+				mockCMD.EXPECT().CombinedOutput().Times(1).Return([]byte(tcCommandEmptyOutput), nil)
+				// Add targets to the handler
+				exec.EXPECT().CommandContext(gomock.Any(), gomock.Any(), gomock.Any()).Times(5).Return(mockCMD)
+				mockCMD.EXPECT().CombinedOutput().Times(5).Return([]byte(tcCommandEmptyOutput), nil)
+			},
+			expectedResponseJSON: happyFaultRunningResponse,
+		},
 		{
 			name:                 "no-existing-fault - two interfaces",
 			expectedStatusCode:   200,
@@ -2215,6 +2257,23 @@ func generateStartNetworkLatencyTestCases() []networkFaultInjectionTestCase {
 			},
 			expectedResponseJSON: fmt.Sprintf(errorResponse, latencyFaultAlreadyRunningError),
 		},
+		{
+			name:                 "existing-network-latency-fault-with-0-delay",
+			expectedStatusCode:   409,
+			requestBody:          happyNetworkLatencyReqBody,
+			expectedResponseBody: types.NewNetworkFaultInjectionErrorResponse(latencyFaultAlreadyRunningError),
+			setAgentStateExpectations: func(agentState *mock_state.MockAgentState, netConfigClient *netconfig.NetworkConfigClient) {
+				agentState.EXPECT().GetTaskMetadataWithTaskNetworkConfig(endpointId, netConfigClient).Return(happyTaskResponse, nil)
+			},
+			setExecExpectations: func(exec *mock_execwrapper.MockExec, ctrl *gomock.Controller) {
+				ctx, cancel := context.WithTimeout(context.Background(), ctxTimeoutDuration)
+				mockCMD := mock_execwrapper.NewMockCmd(ctrl)
+				exec.EXPECT().NewExecContextWithTimeout(gomock.Any(), gomock.Any()).Times(1).Return(ctx, cancel)
+				exec.EXPECT().CommandContext(gomock.Any(), gomock.Any(), gomock.Any()).Times(1).Return(mockCMD)
+				mockCMD.EXPECT().CombinedOutput().Times(1).Return([]byte(tcLatencyFaultWithZeroDelayExistsCommandOutput), nil)
+			},
+			expectedResponseJSON: fmt.Sprintf(errorResponse, latencyFaultAlreadyRunningError),
+		},
 		{
 			name:                 "existing-network-packet-loss-fault",
 			expectedStatusCode:   409,
@@ -2357,6 +2416,21 @@ func generateStartNetworkLatencyTestCases() []networkFaultInjectionTestCase {
 			},
 			expectedResponseJSON: fmt.Sprintf(errorResponse, fmt.Sprintf(types.MissingRequiredFieldError, "JitterMilliseconds")),
 		},
+		{
+			name:               fmt.Sprintf("%s invalid delay and jitter", startNetworkLatencyTestPrefix),
+			expectedStatusCode: 400,
+			requestBody: map[string]interface{}{
+				"DelayMilliseconds":  0,
+				"JitterMilliseconds": 0,
+				"Sources":            ipSources,
+				"SourcesToFilter":    ipSourcesToFilter,
+			},
+			expectedResponseBody: types.NewNetworkFaultInjectionErrorResponse(types.ZeroDelayAndJitterError),
+			setAgentStateExpectations: func(agentState *mock_state.MockAgentState, netConfigClient *netconfig.NetworkConfigClient) {
+				agentState.EXPECT().GetTaskMetadataWithTaskNetworkConfig(endpointId, netConfigClient).Return(state.TaskResponse{}, nil).Times(0)
+			},
+			expectedResponseJSON: fmt.Sprintf(errorResponse, types.ZeroDelayAndJitterError),
+		},
 		{
 			name:               fmt.Sprintf("%s invalid DelayMilliseconds in the request body 1", startNetworkLatencyTestPrefix),
 			expectedStatusCode: 400,
@@ -2493,6 +2567,27 @@ func generateStopNetworkLatencyTestCases() []networkFaultInjectionTestCase {
 			},
 			expectedResponseJSON: happyFaultStoppedResponse,
 		},
+		{
+			name:                 "existing-network-latency-fault-with-0-delay-happy-request-payload",
+			expectedStatusCode:   200,
+			requestBody:          happyNetworkLatencyReqBody,
+			expectedResponseBody: types.NewNetworkFaultInjectionSuccessResponse("stopped"),
+			setAgentStateExpectations: func(agentState *mock_state.MockAgentState, netConfigClient *netconfig.NetworkConfigClient) {
+				agentState.EXPECT().GetTaskMetadataWithTaskNetworkConfig(endpointId, netConfigClient).Return(happyTaskResponse, nil)
+			},
+			setExecExpectations: func(exec *mock_execwrapper.MockExec, ctrl *gomock.Controller) {
+				ctx, cancel := context.WithTimeout(context.Background(), ctxTimeoutDuration)
+				mockCMD := mock_execwrapper.NewMockCmd(ctrl)
+				gomock.InOrder(
+					exec.EXPECT().NewExecContextWithTimeout(gomock.Any(), gomock.Any()).Times(1).Return(ctx, cancel),
+					exec.EXPECT().CommandContext(gomock.Any(), gomock.Any(), gomock.Any()).Times(1).Return(mockCMD),
+					mockCMD.EXPECT().CombinedOutput().Times(1).Return([]byte(tcLatencyFaultWithZeroDelayExistsCommandOutput), nil),
+				)
+				exec.EXPECT().CommandContext(gomock.Any(), gomock.Any(), gomock.Any()).Times(2).Return(mockCMD)
+				mockCMD.EXPECT().CombinedOutput().Times(2).Return([]byte(""), nil)
+			},
+			expectedResponseJSON: happyFaultStoppedResponse,
+		},
 		{
 			name:                 "existing-network-packet-loss-fault-empty-request-payload",
 			expectedStatusCode:   200,
@@ -2610,6 +2705,25 @@ func generateCheckNetworkLatencyTestCases() []networkFaultInjectionTestCase {
 			},
 			expectedResponseJSON: happyFaultRunningResponse,
 		},
+		{
+			name:                 "existing-network-latency-fault-with-0-delay-happy-request-payload",
+			expectedStatusCode:   200,
+			requestBody:          happyNetworkLatencyReqBody,
+			expectedResponseBody: types.NewNetworkFaultInjectionSuccessResponse("running"),
+			setAgentStateExpectations: func(agentState *mock_state.MockAgentState, netConfigClient *netconfig.NetworkConfigClient) {
+				agentState.EXPECT().GetTaskMetadataWithTaskNetworkConfig(endpointId, netConfigClient).Return(happyTaskResponse, nil)
+			},
+			setExecExpectations: func(exec *mock_execwrapper.MockExec, ctrl *gomock.Controller) {
+				ctx, cancel := context.WithTimeout(context.Background(), ctxTimeoutDuration)
+				mockCMD := mock_execwrapper.NewMockCmd(ctrl)
+				gomock.InOrder(
+					exec.EXPECT().NewExecContextWithTimeout(gomock.Any(), gomock.Any()).Times(1).Return(ctx, cancel),
+					exec.EXPECT().CommandContext(gomock.Any(), gomock.Any(), gomock.Any()).Times(1).Return(mockCMD),
+					mockCMD.EXPECT().CombinedOutput().Times(1).Return([]byte(tcLatencyFaultWithZeroDelayExistsCommandOutput), nil),
+				)
+			},
+			expectedResponseJSON: happyFaultRunningResponse,
+		},
 		{
 			name:                 "existing-network-packet-loss-fault-empty-request-payload",
 			expectedStatusCode:   200,
@@ -2883,6 +2997,23 @@ func generateStartNetworkPacketLossTestCases() []networkFaultInjectionTestCase {
 			},
 			expectedResponseJSON: fmt.Sprintf(errorResponse, latencyFaultAlreadyRunningError),
 		},
+		{
+			name:                 "existing-network-latency-fault-with-0-delay",
+			expectedStatusCode:   409,
+			requestBody:          happyNetworkPacketLossReqBody,
+			expectedResponseBody: types.NewNetworkFaultInjectionErrorResponse(latencyFaultAlreadyRunningError),
+			setAgentStateExpectations: func(agentState *mock_state.MockAgentState, netConfigClient *netconfig.NetworkConfigClient) {
+				agentState.EXPECT().GetTaskMetadataWithTaskNetworkConfig(endpointId, netConfigClient).Return(happyTaskResponse, nil)
+			},
+			setExecExpectations: func(exec *mock_execwrapper.MockExec, ctrl *gomock.Controller) {
+				ctx, cancel := context.WithTimeout(context.Background(), ctxTimeoutDuration)
+				mockCMD := mock_execwrapper.NewMockCmd(ctrl)
+				exec.EXPECT().NewExecContextWithTimeout(gomock.Any(), gomock.Any()).Times(1).Return(ctx, cancel)
+				exec.EXPECT().CommandContext(gomock.Any(), gomock.Any(), gomock.Any()).Times(1).Return(mockCMD)
+				mockCMD.EXPECT().CombinedOutput().Times(1).Return([]byte(tcLatencyFaultWithZeroDelayExistsCommandOutput), nil)
+			},
+			expectedResponseJSON: fmt.Sprintf(errorResponse, latencyFaultAlreadyRunningError),
+		},
 		{
 			name:                 "existing-network-packet-loss-fault",
 			expectedStatusCode:   409,
@@ -3280,6 +3411,25 @@ func generateCheckNetworkPacketLossTestCases() []networkFaultInjectionTestCase {
 			},
 			expectedResponseJSON: happyFaultNotRunningResponse,
 		},
+		{
+			name:                 "existing-network-latency-fault-with-0-delay-happy-request-payload",
+			expectedStatusCode:   200,
+			requestBody:          happyNetworkPacketLossReqBody,
+			expectedResponseBody: types.NewNetworkFaultInjectionSuccessResponse("not-running"),
+			setAgentStateExpectations: func(agentState *mock_state.MockAgentState, netConfigClient *netconfig.NetworkConfigClient) {
+				agentState.EXPECT().GetTaskMetadataWithTaskNetworkConfig(endpointId, netConfigClient).Return(happyTaskResponse, nil)
+			},
+			setExecExpectations: func(exec *mock_execwrapper.MockExec, ctrl *gomock.Controller) {
+				ctx, cancel := context.WithTimeout(context.Background(), ctxTimeoutDuration)
+				mockCMD := mock_execwrapper.NewMockCmd(ctrl)
+				gomock.InOrder(
+					exec.EXPECT().NewExecContextWithTimeout(gomock.Any(), gomock.Any()).Times(1).Return(ctx, cancel),
+					exec.EXPECT().CommandContext(gomock.Any(), gomock.Any(), gomock.Any()).Times(1).Return(mockCMD),
+					mockCMD.EXPECT().CombinedOutput().Times(1).Return([]byte(tcLatencyFaultWithZeroDelayExistsCommandOutput), nil),
+				)
+			},
+			expectedResponseJSON: happyFaultNotRunningResponse,
+		},
 		{
 			name:                 "existing-network-packet-loss-fault-empty-request-payload",
 			expectedStatusCode:   200,
@@ -3451,6 +3601,17 @@ func TestCheckTCFault(t *testing.T) {
 				cmd.EXPECT().CombinedOutput().Return([]byte(tcLatencyFaultExistsCommandOutput), nil)
 			},
 		},
+		{
+			name:               "Latency fault with 0 delay exists",
+			deviceNames:        []string{"eth0"},
+			expectedLatency:    true,
+			expectedPacketLoss: false,
+			expectedError:      nil,
+			commandExpectations: func(exec *mock_execwrapper.MockExec, cmd *mock_execwrapper.MockCmd) {
+				exec.EXPECT().CommandContext(gomock.Any(), "tc", []string{"-j", "q", "show", "dev", "eth0", "parent", "1:1"}).Return(cmd)
+				cmd.EXPECT().CombinedOutput().Return([]byte(tcLatencyFaultWithZeroDelayExistsCommandOutput), nil)
+			},
+		},
 		{
 			name:               "Packet loss fault exists",
 			deviceNames:        []string{"eth0"},

ecs-agent/tmds/handlers/fault/v1/handlers/handlers.go

@@ -20,6 +20,7 @@ import (
 
 	"github.com/aws/amazon-ecs-agent/ecs-agent/tmds/utils"
 	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/pkg/errors"
 )
 
 const (
@@ -34,6 +35,7 @@ const (
 	// Request Payload Errors
 	MissingRequiredFieldError = "required parameter %s is missing"
 	MissingRequestBodyError   = "required request body is missing"
+	ZeroDelayAndJitterError   = "required either DelayMilliseconds or JitterMilliseconds to be non-zero"
 	InvalidValueError         = "invalid value %s for parameter %s"
 )
 
@@ -129,6 +131,11 @@ func (request NetworkLatencyRequest) ValidateRequest() error {
 	if request.JitterMilliseconds == nil {
 		return fmt.Errorf(MissingRequiredFieldError, "JitterMilliseconds")
 	}
+
+	if aws.ToUint64(request.DelayMilliseconds) == 0 && aws.ToUint64(request.JitterMilliseconds) == 0 {
+		return errors.New(ZeroDelayAndJitterError)
+	}
+
 	if len(request.Sources) == 0 {
 		return fmt.Errorf(MissingRequiredFieldError, "Sources")
 	}