Lock update operations to prevent race in between updates. (#536)

jaer-tsun · web-flow · commit 2427888550bb · 2020-04-03T13:31:02.000-07:00
* Lock update operations to prevent race in between updates.

* fixing tests

* fixing nwpolicy files
diff --git a/npm/namespace.go b/npm/namespace.go
@@ -55,7 +55,7 @@ func (ns *namespace) policyExists(npObj *networkingv1.NetworkPolicy) bool {
 // InitAllNsList syncs all-namespace ipset list.
 func (npMgr *NetworkPolicyManager) InitAllNsList() error {
 	allNs := npMgr.nsMap[util.KubeAllNamespacesFlag]
-	for ns:= range npMgr.nsMap {
+	for ns := range npMgr.nsMap {
 		if ns == util.KubeAllNamespacesFlag {
 			continue
 		}
@@ -88,12 +88,9 @@ func (npMgr *NetworkPolicyManager) UninitAllNsList() error {
 
 // AddNamespace handles adding namespace to ipset.
 func (npMgr *NetworkPolicyManager) AddNamespace(nsObj *corev1.Namespace) error {
-	npMgr.Lock()
-	defer npMgr.Unlock()
-
 	var err error
 
-	nsName, nsLabel := "ns-" + nsObj.ObjectMeta.Name, nsObj.ObjectMeta.Labels
+	nsName, nsLabel := "ns-"+nsObj.ObjectMeta.Name, nsObj.ObjectMeta.Labels
 	log.Printf("NAMESPACE CREATING: [%s/%v]", nsName, nsLabel)
 
 	ipsMgr := npMgr.nsMap[util.KubeAllNamespacesFlag].ipsMgr
@@ -139,8 +136,8 @@ func (npMgr *NetworkPolicyManager) AddNamespace(nsObj *corev1.Namespace) error {
 func (npMgr *NetworkPolicyManager) UpdateNamespace(oldNsObj *corev1.Namespace, newNsObj *corev1.Namespace) error {
 	var err error
 
-	oldNsNs, oldNsLabel := "ns-" + oldNsObj.ObjectMeta.Name, oldNsObj.ObjectMeta.Labels
-	newNsNs, newNsLabel := "ns-" + newNsObj.ObjectMeta.Name, newNsObj.ObjectMeta.Labels
+	oldNsNs, oldNsLabel := "ns-"+oldNsObj.ObjectMeta.Name, oldNsObj.ObjectMeta.Labels
+	newNsNs, newNsLabel := "ns-"+newNsObj.ObjectMeta.Name, newNsObj.ObjectMeta.Labels
 	log.Printf(
 		"NAMESPACE UPDATING:\n old namespace: [%s/%v]\n new namespace: [%s/%v]",
 		oldNsNs, oldNsLabel, newNsNs, newNsLabel,
@@ -161,12 +158,9 @@ func (npMgr *NetworkPolicyManager) UpdateNamespace(oldNsObj *corev1.Namespace, n
 
 // DeleteNamespace handles deleting namespace from ipset.
 func (npMgr *NetworkPolicyManager) DeleteNamespace(nsObj *corev1.Namespace) error {
-	npMgr.Lock()
-	defer npMgr.Unlock()
-
 	var err error
 
-	nsName, nsLabel := "ns-" + nsObj.ObjectMeta.Name, nsObj.ObjectMeta.Labels
+	nsName, nsLabel := "ns-"+nsObj.ObjectMeta.Name, nsObj.ObjectMeta.Labels
 	log.Printf("NAMESPACE DELETING: [%s/%v]", nsName, nsLabel)
 
 	_, exists := npMgr.nsMap[nsName]
diff --git a/npm/namespace_test.go b/npm/namespace_test.go
@@ -3,8 +3,8 @@
 package npm
 
 import (
-	"testing"
 	"os"
+	"testing"
 
 	"github.com/Azure/azure-container-networking/npm/iptm"
 
@@ -75,9 +75,11 @@ func TestAddNamespace(t *testing.T) {
 		},
 	}
 
+	npMgr.Lock()
 	if err := npMgr.AddNamespace(nsObj); err != nil {
 		t.Errorf("TestAddNamespace @ npMgr.AddNamespace")
 	}
+	npMgr.Unlock()
 }
 
 func TestUpdateNamespace(t *testing.T) {
@@ -121,13 +123,15 @@ func TestUpdateNamespace(t *testing.T) {
 		},
 	}
 
+	npMgr.Lock()
 	if err := npMgr.AddNamespace(oldNsObj); err != nil {
 		t.Errorf("TestUpdateNamespace failed @ npMgr.AddNamespace")
 	}
 
 	if err := npMgr.UpdateNamespace(oldNsObj, newNsObj); err != nil {
 		t.Errorf("TestUpdateNamespace failed @ npMgr.UpdateNamespace")
 	}
+	npMgr.Unlock()
 }
 
 func TestDeleteNamespace(t *testing.T) {
@@ -162,13 +166,15 @@ func TestDeleteNamespace(t *testing.T) {
 		},
 	}
 
+	npMgr.Lock()
 	if err := npMgr.AddNamespace(nsObj); err != nil {
 		t.Errorf("TestDeleteNamespace @ npMgr.AddNamespace")
 	}
 
 	if err := npMgr.DeleteNamespace(nsObj); err != nil {
 		t.Errorf("TestDeleteNamespace @ npMgr.DeleteNamespace")
 	}
+	npMgr.Unlock()
 }
 
 func TestMain(m *testing.M) {
diff --git a/npm/npm.go b/npm/npm.go
@@ -49,8 +49,8 @@ type NetworkPolicyManager struct {
 	isAzureNpmChainCreated       bool
 	isSafeToCleanUpAzureNpmChain bool
 
-	clusterState  telemetry.ClusterState
-	version    string
+	clusterState telemetry.ClusterState
+	version      string
 
 	serverVersion    *version.Info
 	TelemetryEnabled bool
@@ -93,26 +93,26 @@ func (npMgr *NetworkPolicyManager) SendAiMetrics() {
 			GetEnvRetryCount:          5,
 			GetEnvRetryWaitTimeInSecs: 3,
 		}
-		
-		th, err = aitelemetry.NewAITelemetry("", aiMetadata, aiConfig)
-		heartbeat = time.NewTicker(time.Minute * heartbeatIntervalInMinutes).C
+
+		th, err          = aitelemetry.NewAITelemetry("", aiMetadata, aiConfig)
+		heartbeat        = time.NewTicker(time.Minute * heartbeatIntervalInMinutes).C
 		customDimensions = map[string]string{"ClusterID": util.GetClusterID(npMgr.nodeName),
-												"APIServer": npMgr.serverVersion.String()}
+			"APIServer": npMgr.serverVersion.String()}
 		podCount = aitelemetry.Metric{
-			Name: "PodCount",
+			Name:             "PodCount",
 			CustomDimensions: customDimensions,
 		}
 		nsCount = aitelemetry.Metric{
-			Name: "NsCount",
+			Name:             "NsCount",
 			CustomDimensions: customDimensions,
 		}
 		nwPolicyCount = aitelemetry.Metric{
-			Name: "NwPolicyCount",
+			Name:             "NwPolicyCount",
 			CustomDimensions: customDimensions,
 		}
 	)
 
-	for i := 0; err != nil && i < 5; i++{
+	for i := 0; err != nil && i < 5; i++ {
 		log.Logf("Failed to init AppInsights with err: %+v", err)
 		time.Sleep(time.Minute * 5)
 		th, err = aitelemetry.NewAITelemetry("", aiMetadata, aiConfig)
@@ -123,7 +123,7 @@ func (npMgr *NetworkPolicyManager) SendAiMetrics() {
 
 		defer th.Close(10)
 
-		for {	
+		for {
 			<-heartbeat
 			clusterState := npMgr.GetClusterState()
 			podCount.Value = float64(clusterState.PodCount)
@@ -206,7 +206,7 @@ func NewNetworkPolicyManager(clientset *kubernetes.Clientset, informerFactory in
 		err           error
 	)
 
-	for ticker, start := time.NewTicker(1 * time.Second).C, time.Now(); time.Since(start) < time.Minute * 1; {
+	for ticker, start := time.NewTicker(1*time.Second).C, time.Now(); time.Since(start) < time.Minute*1; {
 		<-ticker
 		serverVersion, err = clientset.ServerVersion()
 		if err == nil {
@@ -239,7 +239,7 @@ func NewNetworkPolicyManager(clientset *kubernetes.Clientset, informerFactory in
 			NsCount:       0,
 			NwPolicyCount: 0,
 		},
-		version: npmVersion,
+		version:          npmVersion,
 		serverVersion:    serverVersion,
 		TelemetryEnabled: true,
 	}
@@ -257,13 +257,19 @@ func NewNetworkPolicyManager(clientset *kubernetes.Clientset, informerFactory in
 		// Pod event handlers
 		cache.ResourceEventHandlerFuncs{
 			AddFunc: func(obj interface{}) {
+				npMgr.Lock()
 				npMgr.AddPod(obj.(*corev1.Pod))
+				npMgr.Unlock()
 			},
 			UpdateFunc: func(old, new interface{}) {
+				npMgr.Lock()
 				npMgr.UpdatePod(old.(*corev1.Pod), new.(*corev1.Pod))
+				npMgr.Unlock()
 			},
 			DeleteFunc: func(obj interface{}) {
+				npMgr.Lock()
 				npMgr.DeletePod(obj.(*corev1.Pod))
+				npMgr.Unlock()
 			},
 		},
 	)
@@ -272,13 +278,19 @@ func NewNetworkPolicyManager(clientset *kubernetes.Clientset, informerFactory in
 		// Namespace event handlers
 		cache.ResourceEventHandlerFuncs{
 			AddFunc: func(obj interface{}) {
+				npMgr.Lock()
 				npMgr.AddNamespace(obj.(*corev1.Namespace))
+				npMgr.Unlock()
 			},
 			UpdateFunc: func(old, new interface{}) {
+				npMgr.Lock()
 				npMgr.UpdateNamespace(old.(*corev1.Namespace), new.(*corev1.Namespace))
+				npMgr.Unlock()
 			},
 			DeleteFunc: func(obj interface{}) {
+				npMgr.Lock()
 				npMgr.DeleteNamespace(obj.(*corev1.Namespace))
+				npMgr.Unlock()
 			},
 		},
 	)
@@ -287,13 +299,19 @@ func NewNetworkPolicyManager(clientset *kubernetes.Clientset, informerFactory in
 		// Network policy event handlers
 		cache.ResourceEventHandlerFuncs{
 			AddFunc: func(obj interface{}) {
+				npMgr.Lock()
 				npMgr.AddNetworkPolicy(obj.(*networkingv1.NetworkPolicy))
+				npMgr.Unlock()
 			},
 			UpdateFunc: func(old, new interface{}) {
+				npMgr.Lock()
 				npMgr.UpdateNetworkPolicy(old.(*networkingv1.NetworkPolicy), new.(*networkingv1.NetworkPolicy))
+				npMgr.Unlock()
 			},
 			DeleteFunc: func(obj interface{}) {
+				npMgr.Lock()
 				npMgr.DeleteNetworkPolicy(obj.(*networkingv1.NetworkPolicy))
+				npMgr.Unlock()
 			},
 		},
 	)
diff --git a/npm/nwpolicy.go b/npm/nwpolicy.go
@@ -25,9 +25,6 @@ func (npMgr *NetworkPolicyManager) canCleanUpNpmChains() bool {
 
 // AddNetworkPolicy handles adding network policy to iptables.
 func (npMgr *NetworkPolicyManager) AddNetworkPolicy(npObj *networkingv1.NetworkPolicy) error {
-	npMgr.Lock()
-	defer npMgr.Unlock()
-
 	var (
 		err error
 		ns  *namespace
@@ -75,9 +72,7 @@ func (npMgr *NetworkPolicyManager) AddNetworkPolicy(npObj *networkingv1.NetworkP
 			log.Printf("Error adding policy %s to %s", npName, oldPolicy.ObjectMeta.Name)
 		}
 		npMgr.isSafeToCleanUpAzureNpmChain = false
-		npMgr.Unlock()
 		npMgr.DeleteNetworkPolicy(oldPolicy)
-		npMgr.Lock()
 		npMgr.isSafeToCleanUpAzureNpmChain = true
 	} else {
 		ns.processedNpMap[hashedSelector] = npObj
@@ -140,9 +135,6 @@ func (npMgr *NetworkPolicyManager) UpdateNetworkPolicy(oldNpObj *networkingv1.Ne
 
 // DeleteNetworkPolicy handles deleting network policy from iptables.
 func (npMgr *NetworkPolicyManager) DeleteNetworkPolicy(npObj *networkingv1.NetworkPolicy) error {
-	npMgr.Lock()
-	defer npMgr.Unlock()
-
 	var (
 		err error
 		ns  *namespace
diff --git a/npm/nwpolicy_test.go b/npm/nwpolicy_test.go
@@ -61,9 +61,11 @@ func TestAddNetworkPolicy(t *testing.T) {
 		},
 	}
 
+	npMgr.Lock()
 	if err := npMgr.AddNamespace(nsObj); err != nil {
 		t.Errorf("TestAddNetworkPolicy @ npMgr.AddNamespace")
 	}
+	npMgr.Unlock()
 
 	tcp := corev1.ProtocolTCP
 	port8000 := intstr.FromInt(8000)
@@ -82,17 +84,19 @@ func TestAddNetworkPolicy(t *testing.T) {
 					}},
 					Ports: []networkingv1.NetworkPolicyPort{{
 						Protocol: &tcp,
-						Port: &port8000,
+						Port:     &port8000,
 					}},
 				},
 			},
 		},
 	}
 
+	npMgr.Lock()
 	if err := npMgr.AddNetworkPolicy(allowIngress); err != nil {
 		t.Errorf("TestAddNetworkPolicy failed @ allowIngress AddNetworkPolicy")
 		t.Errorf("Error: %v", err)
 	}
+	npMgr.Unlock()
 
 	allowEgress := &networkingv1.NetworkPolicy{
 		ObjectMeta: metav1.ObjectMeta{
@@ -109,17 +113,19 @@ func TestAddNetworkPolicy(t *testing.T) {
 					}},
 					Ports: []networkingv1.NetworkPolicyPort{{
 						Protocol: &tcp,
-						Port: &port8000,
+						Port:     &port8000,
 					}},
 				},
 			},
 		},
 	}
 
+	npMgr.Lock()
 	if err := npMgr.AddNetworkPolicy(allowEgress); err != nil {
 		t.Errorf("TestAddNetworkPolicy failed @ allowEgress AddNetworkPolicy")
 		t.Errorf("Error: %v", err)
 	}
+	npMgr.Unlock()
 }
 
 func TestUpdateNetworkPolicy(t *testing.T) {
@@ -168,9 +174,11 @@ func TestUpdateNetworkPolicy(t *testing.T) {
 		},
 	}
 
+	npMgr.Lock()
 	if err := npMgr.AddNamespace(nsObj); err != nil {
 		t.Errorf("TestUpdateNetworkPolicy @ npMgr.AddNamespace")
 	}
+	npMgr.Unlock()
 
 	tcp, udp := corev1.ProtocolTCP, corev1.ProtocolUDP
 	allowIngress := &networkingv1.NetworkPolicy{
@@ -221,13 +229,15 @@ func TestUpdateNetworkPolicy(t *testing.T) {
 		},
 	}
 
+	npMgr.Lock()
 	if err := npMgr.AddNetworkPolicy(allowIngress); err != nil {
 		t.Errorf("TestUpdateNetworkPolicy failed @ AddNetworkPolicy")
 	}
 
 	if err := npMgr.UpdateNetworkPolicy(allowIngress, allowEgress); err != nil {
 		t.Errorf("TestUpdateNetworkPolicy failed @ UpdateNetworkPolicy")
 	}
+	npMgr.Unlock()
 }
 
 func TestDeleteNetworkPolicy(t *testing.T) {
@@ -276,9 +286,11 @@ func TestDeleteNetworkPolicy(t *testing.T) {
 		},
 	}
 
+	npMgr.Lock()
 	if err := npMgr.AddNamespace(nsObj); err != nil {
 		t.Errorf("TestDeleteNetworkPolicy @ npMgr.AddNamespace")
 	}
+	npMgr.Unlock()
 
 	tcp := corev1.ProtocolTCP
 	allow := &networkingv1.NetworkPolicy{
@@ -305,11 +317,13 @@ func TestDeleteNetworkPolicy(t *testing.T) {
 		},
 	}
 
+	npMgr.Lock()
 	if err := npMgr.AddNetworkPolicy(allow); err != nil {
 		t.Errorf("TestAddNetworkPolicy failed @ AddNetworkPolicy")
 	}
 
 	if err := npMgr.DeleteNetworkPolicy(allow); err != nil {
 		t.Errorf("TestDeleteNetworkPolicy failed @ DeleteNetworkPolicy")
 	}
+	npMgr.Unlock()
 }
diff --git a/npm/pod.go b/npm/pod.go
@@ -19,9 +19,6 @@ func isSystemPod(podObj *corev1.Pod) bool {
 
 // AddPod handles adding pod ip to its label's ipset.
 func (npMgr *NetworkPolicyManager) AddPod(podObj *corev1.Pod) error {
-	npMgr.Lock()
-	defer npMgr.Unlock()
-
 	if !isValidPod(podObj) {
 		return nil
 	}
@@ -113,9 +110,6 @@ func (npMgr *NetworkPolicyManager) UpdatePod(oldPodObj, newPodObj *corev1.Pod) e
 
 // DeletePod handles deleting pod from its label's ipset.
 func (npMgr *NetworkPolicyManager) DeletePod(podObj *corev1.Pod) error {
-	npMgr.Lock()
-	defer npMgr.Unlock()
-
 	if !isValidPod(podObj) {
 		return nil
 	}
diff --git a/npm/pod_test.go b/npm/pod_test.go

Original file line number	Diff line number	Diff line change
`@@ -3,8 +3,8 @@`
`3`	`3`	`package npm`
`4`	`4`
`5`	`5`	`import (`
`6`		`- "testing"`
`7`	`6`	`"os"`
	`7`	`+ "testing"`
`8`	`8`
`9`	`9`	`"github.com/Azure/azure-container-networking/npm/iptm"`
`10`	`10`
`@@ -75,9 +75,11 @@ func TestAddNamespace(t *testing.T) {`
`75`	`75`	`},`
`76`	`76`	`}`
`77`	`77`
	`78`	`+ npMgr.Lock()`
`78`	`79`	`if err := npMgr.AddNamespace(nsObj); err != nil {`
`79`	`80`	`t.Errorf("TestAddNamespace @ npMgr.AddNamespace")`
`80`	`81`	`}`
	`82`	`+ npMgr.Unlock()`
`81`	`83`	`}`
`82`	`84`
`83`	`85`	`func TestUpdateNamespace(t *testing.T) {`
`@@ -121,13 +123,15 @@ func TestUpdateNamespace(t *testing.T) {`
`121`	`123`	`},`
`122`	`124`	`}`
`123`	`125`
	`126`	`+ npMgr.Lock()`
`124`	`127`	`if err := npMgr.AddNamespace(oldNsObj); err != nil {`
`125`	`128`	`t.Errorf("TestUpdateNamespace failed @ npMgr.AddNamespace")`
`126`	`129`	`}`
`127`	`130`
`128`	`131`	`if err := npMgr.UpdateNamespace(oldNsObj, newNsObj); err != nil {`
`129`	`132`	`t.Errorf("TestUpdateNamespace failed @ npMgr.UpdateNamespace")`
`130`	`133`	`}`
	`134`	`+ npMgr.Unlock()`
`131`	`135`	`}`
`132`	`136`
`133`	`137`	`func TestDeleteNamespace(t *testing.T) {`
`@@ -162,13 +166,15 @@ func TestDeleteNamespace(t *testing.T) {`
`162`	`166`	`},`
`163`	`167`	`}`
`164`	`168`
	`169`	`+ npMgr.Lock()`
`165`	`170`	`if err := npMgr.AddNamespace(nsObj); err != nil {`
`166`	`171`	`t.Errorf("TestDeleteNamespace @ npMgr.AddNamespace")`
`167`	`172`	`}`
`168`	`173`
`169`	`174`	`if err := npMgr.DeleteNamespace(nsObj); err != nil {`
`170`	`175`	`t.Errorf("TestDeleteNamespace @ npMgr.DeleteNamespace")`
`171`	`176`	`}`
	`177`	`+ npMgr.Unlock()`
`172`	`178`	`}`
`173`	`179`
`174`	`180`	`func TestMain(m *testing.M) {`
Original file line number	Diff line number	Diff line change
`@@ -61,9 +61,11 @@ func TestAddNetworkPolicy(t *testing.T) {`
`61`	`61`	`},`
`62`	`62`	`}`
`63`	`63`
	`64`	`+ npMgr.Lock()`
`64`	`65`	`if err := npMgr.AddNamespace(nsObj); err != nil {`
`65`	`66`	`t.Errorf("TestAddNetworkPolicy @ npMgr.AddNamespace")`
`66`	`67`	`}`
	`68`	`+ npMgr.Unlock()`
`67`	`69`
`68`	`70`	`tcp := corev1.ProtocolTCP`
`69`	`71`	`port8000 := intstr.FromInt(8000)`
`@@ -82,17 +84,19 @@ func TestAddNetworkPolicy(t *testing.T) {`
`82`	`84`	`}},`
`83`	`85`	`Ports: []networkingv1.NetworkPolicyPort{{`
`84`	`86`	`Protocol: &tcp,`
`85`		`- Port: &port8000,`
	`87`	`+ Port: &port8000,`
`86`	`88`	`}},`
`87`	`89`	`},`
`88`	`90`	`},`
`89`	`91`	`},`
`90`	`92`	`}`
`91`	`93`
	`94`	`+ npMgr.Lock()`
`92`	`95`	`if err := npMgr.AddNetworkPolicy(allowIngress); err != nil {`
`93`	`96`	`t.Errorf("TestAddNetworkPolicy failed @ allowIngress AddNetworkPolicy")`
`94`	`97`	`t.Errorf("Error: %v", err)`
`95`	`98`	`}`
	`99`	`+ npMgr.Unlock()`
`96`	`100`
`97`	`101`	`allowEgress := &networkingv1.NetworkPolicy{`
`98`	`102`	`ObjectMeta: metav1.ObjectMeta{`
`@@ -109,17 +113,19 @@ func TestAddNetworkPolicy(t *testing.T) {`
`109`	`113`	`}},`
`110`	`114`	`Ports: []networkingv1.NetworkPolicyPort{{`
`111`	`115`	`Protocol: &tcp,`
`112`		`- Port: &port8000,`
	`116`	`+ Port: &port8000,`
`113`	`117`	`}},`
`114`	`118`	`},`
`115`	`119`	`},`
`116`	`120`	`},`
`117`	`121`	`}`
`118`	`122`
	`123`	`+ npMgr.Lock()`
`119`	`124`	`if err := npMgr.AddNetworkPolicy(allowEgress); err != nil {`
`120`	`125`	`t.Errorf("TestAddNetworkPolicy failed @ allowEgress AddNetworkPolicy")`
`121`	`126`	`t.Errorf("Error: %v", err)`
`122`	`127`	`}`
	`128`	`+ npMgr.Unlock()`
`123`	`129`	`}`
`124`	`130`
`125`	`131`	`func TestUpdateNetworkPolicy(t *testing.T) {`
`@@ -168,9 +174,11 @@ func TestUpdateNetworkPolicy(t *testing.T) {`
`168`	`174`	`},`
`169`	`175`	`}`
`170`	`176`
	`177`	`+ npMgr.Lock()`
`171`	`178`	`if err := npMgr.AddNamespace(nsObj); err != nil {`
`172`	`179`	`t.Errorf("TestUpdateNetworkPolicy @ npMgr.AddNamespace")`
`173`	`180`	`}`
	`181`	`+ npMgr.Unlock()`
`174`	`182`
`175`	`183`	`tcp, udp := corev1.ProtocolTCP, corev1.ProtocolUDP`
`176`	`184`	`allowIngress := &networkingv1.NetworkPolicy{`
`@@ -221,13 +229,15 @@ func TestUpdateNetworkPolicy(t *testing.T) {`
`221`	`229`	`},`
`222`	`230`	`}`
`223`	`231`
	`232`	`+ npMgr.Lock()`
`224`	`233`	`if err := npMgr.AddNetworkPolicy(allowIngress); err != nil {`
`225`	`234`	`t.Errorf("TestUpdateNetworkPolicy failed @ AddNetworkPolicy")`
`226`	`235`	`}`
`227`	`236`
`228`	`237`	`if err := npMgr.UpdateNetworkPolicy(allowIngress, allowEgress); err != nil {`
`229`	`238`	`t.Errorf("TestUpdateNetworkPolicy failed @ UpdateNetworkPolicy")`
`230`	`239`	`}`
	`240`	`+ npMgr.Unlock()`
`231`	`241`	`}`
`232`	`242`
`233`	`243`	`func TestDeleteNetworkPolicy(t *testing.T) {`
`@@ -276,9 +286,11 @@ func TestDeleteNetworkPolicy(t *testing.T) {`
`276`	`286`	`},`
`277`	`287`	`}`
`278`	`288`
	`289`	`+ npMgr.Lock()`
`279`	`290`	`if err := npMgr.AddNamespace(nsObj); err != nil {`
`280`	`291`	`t.Errorf("TestDeleteNetworkPolicy @ npMgr.AddNamespace")`
`281`	`292`	`}`
	`293`	`+ npMgr.Unlock()`
`282`	`294`
`283`	`295`	`tcp := corev1.ProtocolTCP`
`284`	`296`	`allow := &networkingv1.NetworkPolicy{`
`@@ -305,11 +317,13 @@ func TestDeleteNetworkPolicy(t *testing.T) {`
`305`	`317`	`},`
`306`	`318`	`}`
`307`	`319`
	`320`	`+ npMgr.Lock()`
`308`	`321`	`if err := npMgr.AddNetworkPolicy(allow); err != nil {`
`309`	`322`	`t.Errorf("TestAddNetworkPolicy failed @ AddNetworkPolicy")`
`310`	`323`	`}`
`311`	`324`
`312`	`325`	`if err := npMgr.DeleteNetworkPolicy(allow); err != nil {`
`313`	`326`	`t.Errorf("TestDeleteNetworkPolicy failed @ DeleteNetworkPolicy")`
`314`	`327`	`}`
	`328`	`+ npMgr.Unlock()`
`315`	`329`	`}`