github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
k3s/pkg/util/iptables/iptables_test.go

575 lines
20 KiB
Go
Raw Normal View History

Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
/*
Make copyright ownership statement generic Instead of saying "Google Inc." (which is not always correct) say "The Kubernetes Authors", which is generic.
2015-05-01 16:19:44 +00:00
Copyright 2014 The Kubernetes Authors All rights reserved.
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package iptables
import (
"testing"
"github.com/GoogleCloudPlatform/kubernetes/pkg/util"
Add support for git volumes.
2014-10-21 23:23:05 +00:00
"github.com/GoogleCloudPlatform/kubernetes/pkg/util/exec"
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
)
Initial ipv6 / iptables work
2014-11-03 16:04:42 +00:00
func getIptablesCommand(protocol Protocol) string {
if protocol == ProtocolIpv4 {
return "iptables"
}
if protocol == ProtocolIpv6 {
return "ip6tables"
}
panic("Unknown protocol")
}
func testEnsureChain(t *testing.T, protocol Protocol) {
Add support for git volumes.
2014-10-21 23:23:05 +00:00
fcmd := exec.FakeCmd{
CombinedOutputScript: []exec.FakeCombinedOutputAction{
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
// Success.
func() ([]byte, error) { return []byte{}, nil },
// Exists.
Add support for git volumes.
2014-10-21 23:23:05 +00:00
func() ([]byte, error) { return nil, &exec.FakeExitError{1} },
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
// Failure.
Add support for git volumes.
2014-10-21 23:23:05 +00:00
func() ([]byte, error) { return nil, &exec.FakeExitError{2} },
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
},
}
Add support for git volumes.
2014-10-21 23:23:05 +00:00
fexec := exec.FakeExec{
CommandScript: []exec.FakeCommandAction{
func(cmd string, args ...string) exec.Cmd { return exec.InitFakeCmd(&fcmd, cmd, args...) },
func(cmd string, args ...string) exec.Cmd { return exec.InitFakeCmd(&fcmd, cmd, args...) },
func(cmd string, args ...string) exec.Cmd { return exec.InitFakeCmd(&fcmd, cmd, args...) },
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
},
}
Initial ipv6 / iptables work
2014-11-03 16:04:42 +00:00
runner := New(&fexec, protocol)
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
// Success.
exists, err := runner.EnsureChain(TableNAT, Chain("FOOBAR"))
if err != nil {
Clean up error logs. Use %v for errors, tidy some messages, make error messages start lowe-case (as per go guidelines). Just accumulated nits.
2014-11-20 10:00:36 +00:00
t.Errorf("expected success, got %v", err)
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
}
if exists {
t.Errorf("expected exists = false")
}
Add support for git volumes.
2014-10-21 23:23:05 +00:00
if fcmd.CombinedOutputCalls != 1 {
t.Errorf("expected 1 CombinedOutput() call, got %d", fcmd.CombinedOutputCalls)
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
}
Initial ipv6 / iptables work
2014-11-03 16:04:42 +00:00
cmd := getIptablesCommand(protocol)
if !util.NewStringSet(fcmd.CombinedOutputLog[0]...).HasAll(cmd, "-t", "nat", "-N", "FOOBAR") {
Add support for git volumes.
2014-10-21 23:23:05 +00:00
t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[0])
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
}
// Exists.
exists, err = runner.EnsureChain(TableNAT, Chain("FOOBAR"))
if err != nil {
Clean up error logs. Use %v for errors, tidy some messages, make error messages start lowe-case (as per go guidelines). Just accumulated nits.
2014-11-20 10:00:36 +00:00
t.Errorf("expected success, got %v", err)
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
}
if !exists {
t.Errorf("expected exists = true")
}
// Failure.
_, err = runner.EnsureChain(TableNAT, Chain("FOOBAR"))
if err == nil {
t.Errorf("expected failure")
}
}
Initial ipv6 / iptables work
2014-11-03 16:04:42 +00:00
func TestEnsureChainIpv4(t *testing.T) {
testEnsureChain(t, ProtocolIpv4)
}
func TestEnsureChainIpv6(t *testing.T) {
testEnsureChain(t, ProtocolIpv6)
}
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
func TestFlushChain(t *testing.T) {
Add support for git volumes.
2014-10-21 23:23:05 +00:00
fcmd := exec.FakeCmd{
CombinedOutputScript: []exec.FakeCombinedOutputAction{
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
// Success.
func() ([]byte, error) { return []byte{}, nil },
// Failure.
Add support for git volumes.
2014-10-21 23:23:05 +00:00
func() ([]byte, error) { return nil, &exec.FakeExitError{1} },
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
},
}
Add support for git volumes.
2014-10-21 23:23:05 +00:00
fexec := exec.FakeExec{
CommandScript: []exec.FakeCommandAction{
func(cmd string, args ...string) exec.Cmd { return exec.InitFakeCmd(&fcmd, cmd, args...) },
func(cmd string, args ...string) exec.Cmd { return exec.InitFakeCmd(&fcmd, cmd, args...) },
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
},
}
Initial ipv6 / iptables work
2014-11-03 16:04:42 +00:00
runner := New(&fexec, ProtocolIpv4)
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
// Success.
err := runner.FlushChain(TableNAT, Chain("FOOBAR"))
if err != nil {
Clean up error logs. Use %v for errors, tidy some messages, make error messages start lowe-case (as per go guidelines). Just accumulated nits.
2014-11-20 10:00:36 +00:00
t.Errorf("expected success, got %v", err)
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
}
Add support for git volumes.
2014-10-21 23:23:05 +00:00
if fcmd.CombinedOutputCalls != 1 {
t.Errorf("expected 1 CombinedOutput() call, got %d", fcmd.CombinedOutputCalls)
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
}
Add support for git volumes.
2014-10-21 23:23:05 +00:00
if !util.NewStringSet(fcmd.CombinedOutputLog[0]...).HasAll("iptables", "-t", "nat", "-F", "FOOBAR") {
t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[0])
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
}
// Failure.
err = runner.FlushChain(TableNAT, Chain("FOOBAR"))
if err == nil {
t.Errorf("expected failure")
}
}
Split portals into host and container After this DNS is resolvable from the host, if the DNS server is targetted explicitly. This does NOT add the cluster DNS to the host's resolv.conf. That is a larger problem, with distro-specific tie-ins and circular deps.
2014-11-28 07:54:55 +00:00
func TestDeleteChain(t *testing.T) {
fcmd := exec.FakeCmd{
CombinedOutputScript: []exec.FakeCombinedOutputAction{
// Success.
func() ([]byte, error) { return []byte{}, nil },
// Failure.
func() ([]byte, error) { return nil, &exec.FakeExitError{1} },
},
}
fexec := exec.FakeExec{
CommandScript: []exec.FakeCommandAction{
func(cmd string, args ...string) exec.Cmd { return exec.InitFakeCmd(&fcmd, cmd, args...) },
func(cmd string, args ...string) exec.Cmd { return exec.InitFakeCmd(&fcmd, cmd, args...) },
},
}
runner := New(&fexec, ProtocolIpv4)
// Success.
err := runner.DeleteChain(TableNAT, Chain("FOOBAR"))
if err != nil {
t.Errorf("expected success, got %v", err)
}
if fcmd.CombinedOutputCalls != 1 {
t.Errorf("expected 1 CombinedOutput() call, got %d", fcmd.CombinedOutputCalls)
}
if !util.NewStringSet(fcmd.CombinedOutputLog[0]...).HasAll("iptables", "-t", "nat", "-X", "FOOBAR") {
t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[0])
}
// Failure.
err = runner.DeleteChain(TableNAT, Chain("FOOBAR"))
if err == nil {
t.Errorf("expected failure")
}
}
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
func TestEnsureRuleAlreadyExists(t *testing.T) {
Add support for git volumes.
2014-10-21 23:23:05 +00:00
fcmd := exec.FakeCmd{
CombinedOutputScript: []exec.FakeCombinedOutputAction{
Allow proxy to run on systems with iptables <1.4.11
2014-11-11 00:53:26 +00:00
// iptables version check
func() ([]byte, error) { return []byte("iptables v1.9.22"), nil },
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
// Success.
func() ([]byte, error) { return []byte{}, nil },
},
}
Add support for git volumes.
2014-10-21 23:23:05 +00:00
fexec := exec.FakeExec{
CommandScript: []exec.FakeCommandAction{
Allow proxy to run on systems with iptables <1.4.11
2014-11-11 00:53:26 +00:00
// iptables version check
func(cmd string, args ...string) exec.Cmd { return exec.InitFakeCmd(&fcmd, cmd, args...) },
// The second Command() call is checking the rule. Success of that exec means "done".
Add support for git volumes.
2014-10-21 23:23:05 +00:00
func(cmd string, args ...string) exec.Cmd { return exec.InitFakeCmd(&fcmd, cmd, args...) },
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
},
}
Initial ipv6 / iptables work
2014-11-03 16:04:42 +00:00
runner := New(&fexec, ProtocolIpv4)
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
exists, err := runner.EnsureRule(TableNAT, ChainOutput, "abc", "123")
if err != nil {
Clean up error logs. Use %v for errors, tidy some messages, make error messages start lowe-case (as per go guidelines). Just accumulated nits.
2014-11-20 10:00:36 +00:00
t.Errorf("expected success, got %v", err)
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
}
if !exists {
t.Errorf("expected exists = true")
}
Allow proxy to run on systems with iptables <1.4.11
2014-11-11 00:53:26 +00:00
if fcmd.CombinedOutputCalls != 2 {
t.Errorf("expected 2 CombinedOutput() call, got %d", fcmd.CombinedOutputCalls)
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
}
Allow proxy to run on systems with iptables <1.4.11
2014-11-11 00:53:26 +00:00
if !util.NewStringSet(fcmd.CombinedOutputLog[1]...).HasAll("iptables", "-t", "nat", "-C", "OUTPUT", "abc", "123") {
Add support for git volumes.
2014-10-21 23:23:05 +00:00
t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[0])
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
}
}
func TestEnsureRuleNew(t *testing.T) {
Add support for git volumes.
2014-10-21 23:23:05 +00:00
fcmd := exec.FakeCmd{
CombinedOutputScript: []exec.FakeCombinedOutputAction{
Allow proxy to run on systems with iptables <1.4.11
2014-11-11 00:53:26 +00:00
// iptables version check
func() ([]byte, error) { return []byte("iptables v1.9.22"), nil },
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
// Status 1 on the first call.
Add support for git volumes.
2014-10-21 23:23:05 +00:00
func() ([]byte, error) { return nil, &exec.FakeExitError{1} },
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
// Success on the second call.
func() ([]byte, error) { return []byte{}, nil },
},
}
Add support for git volumes.
2014-10-21 23:23:05 +00:00
fexec := exec.FakeExec{
CommandScript: []exec.FakeCommandAction{
Allow proxy to run on systems with iptables <1.4.11
2014-11-11 00:53:26 +00:00
// iptables version check
func(cmd string, args ...string) exec.Cmd { return exec.InitFakeCmd(&fcmd, cmd, args...) },
// The second Command() call is checking the rule. Failure of that means create it.
Add support for git volumes.
2014-10-21 23:23:05 +00:00
func(cmd string, args ...string) exec.Cmd { return exec.InitFakeCmd(&fcmd, cmd, args...) },
func(cmd string, args ...string) exec.Cmd { return exec.InitFakeCmd(&fcmd, cmd, args...) },
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
},
}
Initial ipv6 / iptables work
2014-11-03 16:04:42 +00:00
runner := New(&fexec, ProtocolIpv4)
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
exists, err := runner.EnsureRule(TableNAT, ChainOutput, "abc", "123")
if err != nil {
Clean up error logs. Use %v for errors, tidy some messages, make error messages start lowe-case (as per go guidelines). Just accumulated nits.
2014-11-20 10:00:36 +00:00
t.Errorf("expected success, got %v", err)
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
}
if exists {
t.Errorf("expected exists = false")
}
Allow proxy to run on systems with iptables <1.4.11
2014-11-11 00:53:26 +00:00
if fcmd.CombinedOutputCalls != 3 {
t.Errorf("expected 3 CombinedOutput() calls, got %d", fcmd.CombinedOutputCalls)
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
}
Allow proxy to run on systems with iptables <1.4.11
2014-11-11 00:53:26 +00:00
if !util.NewStringSet(fcmd.CombinedOutputLog[2]...).HasAll("iptables", "-t", "nat", "-A", "OUTPUT", "abc", "123") {
Add support for git volumes.
2014-10-21 23:23:05 +00:00
t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[1])
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
}
}
func TestEnsureRuleErrorChecking(t *testing.T) {
Add support for git volumes.
2014-10-21 23:23:05 +00:00
fcmd := exec.FakeCmd{
CombinedOutputScript: []exec.FakeCombinedOutputAction{
Allow proxy to run on systems with iptables <1.4.11
2014-11-11 00:53:26 +00:00
// iptables version check
func() ([]byte, error) { return []byte("iptables v1.9.22"), nil },
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
// Status 2 on the first call.
Add support for git volumes.
2014-10-21 23:23:05 +00:00
func() ([]byte, error) { return nil, &exec.FakeExitError{2} },
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
},
}
Add support for git volumes.
2014-10-21 23:23:05 +00:00
fexec := exec.FakeExec{
CommandScript: []exec.FakeCommandAction{
Allow proxy to run on systems with iptables <1.4.11
2014-11-11 00:53:26 +00:00
// iptables version check
func(cmd string, args ...string) exec.Cmd { return exec.InitFakeCmd(&fcmd, cmd, args...) },
// The second Command() call is checking the rule. Failure of that means create it.
Add support for git volumes.
2014-10-21 23:23:05 +00:00
func(cmd string, args ...string) exec.Cmd { return exec.InitFakeCmd(&fcmd, cmd, args...) },
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
},
}
Initial ipv6 / iptables work
2014-11-03 16:04:42 +00:00
runner := New(&fexec, ProtocolIpv4)
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
_, err := runner.EnsureRule(TableNAT, ChainOutput, "abc", "123")
if err == nil {
t.Errorf("expected failure")
}
Allow proxy to run on systems with iptables <1.4.11
2014-11-11 00:53:26 +00:00
if fcmd.CombinedOutputCalls != 2 {
t.Errorf("expected 2 CombinedOutput() call, got %d", fcmd.CombinedOutputCalls)
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
}
}
func TestEnsureRuleErrorCreating(t *testing.T) {
Add support for git volumes.
2014-10-21 23:23:05 +00:00
fcmd := exec.FakeCmd{
CombinedOutputScript: []exec.FakeCombinedOutputAction{
Allow proxy to run on systems with iptables <1.4.11
2014-11-11 00:53:26 +00:00
// iptables version check
func() ([]byte, error) { return []byte("iptables v1.9.22"), nil },
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
// Status 1 on the first call.
Add support for git volumes.
2014-10-21 23:23:05 +00:00
func() ([]byte, error) { return nil, &exec.FakeExitError{1} },
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
// Status 1 on the second call.
Add support for git volumes.
2014-10-21 23:23:05 +00:00
func() ([]byte, error) { return nil, &exec.FakeExitError{1} },
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
},
}
Add support for git volumes.
2014-10-21 23:23:05 +00:00
fexec := exec.FakeExec{
CommandScript: []exec.FakeCommandAction{
Allow proxy to run on systems with iptables <1.4.11
2014-11-11 00:53:26 +00:00
// iptables version check
func(cmd string, args ...string) exec.Cmd { return exec.InitFakeCmd(&fcmd, cmd, args...) },
// The second Command() call is checking the rule. Failure of that means create it.
Add support for git volumes.
2014-10-21 23:23:05 +00:00
func(cmd string, args ...string) exec.Cmd { return exec.InitFakeCmd(&fcmd, cmd, args...) },
func(cmd string, args ...string) exec.Cmd { return exec.InitFakeCmd(&fcmd, cmd, args...) },
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
},
}
Initial ipv6 / iptables work
2014-11-03 16:04:42 +00:00
runner := New(&fexec, ProtocolIpv4)
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
_, err := runner.EnsureRule(TableNAT, ChainOutput, "abc", "123")
if err == nil {
t.Errorf("expected failure")
}
Allow proxy to run on systems with iptables <1.4.11
2014-11-11 00:53:26 +00:00
if fcmd.CombinedOutputCalls != 3 {
t.Errorf("expected 3 CombinedOutput() calls, got %d", fcmd.CombinedOutputCalls)
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
}
}
func TestDeleteRuleAlreadyExists(t *testing.T) {
Add support for git volumes.
2014-10-21 23:23:05 +00:00
fcmd := exec.FakeCmd{
CombinedOutputScript: []exec.FakeCombinedOutputAction{
Allow proxy to run on systems with iptables <1.4.11
2014-11-11 00:53:26 +00:00
// iptables version check
func() ([]byte, error) { return []byte("iptables v1.9.22"), nil },
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
// Status 1 on the first call.
Add support for git volumes.
2014-10-21 23:23:05 +00:00
func() ([]byte, error) { return nil, &exec.FakeExitError{1} },
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
},
}
Add support for git volumes.
2014-10-21 23:23:05 +00:00
fexec := exec.FakeExec{
CommandScript: []exec.FakeCommandAction{
Allow proxy to run on systems with iptables <1.4.11
2014-11-11 00:53:26 +00:00
// iptables version check
func(cmd string, args ...string) exec.Cmd { return exec.InitFakeCmd(&fcmd, cmd, args...) },
// The second Command() call is checking the rule. Failure of that exec means "does not exist".
Add support for git volumes.
2014-10-21 23:23:05 +00:00
func(cmd string, args ...string) exec.Cmd { return exec.InitFakeCmd(&fcmd, cmd, args...) },
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
},
}
Initial ipv6 / iptables work
2014-11-03 16:04:42 +00:00
runner := New(&fexec, ProtocolIpv4)
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
err := runner.DeleteRule(TableNAT, ChainOutput, "abc", "123")
if err != nil {
Clean up error logs. Use %v for errors, tidy some messages, make error messages start lowe-case (as per go guidelines). Just accumulated nits.
2014-11-20 10:00:36 +00:00
t.Errorf("expected success, got %v", err)
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
}
Allow proxy to run on systems with iptables <1.4.11
2014-11-11 00:53:26 +00:00
if fcmd.CombinedOutputCalls != 2 {
t.Errorf("expected 2 CombinedOutput() call, got %d", fcmd.CombinedOutputCalls)
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
}
Allow proxy to run on systems with iptables <1.4.11
2014-11-11 00:53:26 +00:00
if !util.NewStringSet(fcmd.CombinedOutputLog[1]...).HasAll("iptables", "-t", "nat", "-C", "OUTPUT", "abc", "123") {
Add support for git volumes.
2014-10-21 23:23:05 +00:00
t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[0])
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
}
}
func TestDeleteRuleNew(t *testing.T) {
Add support for git volumes.
2014-10-21 23:23:05 +00:00
fcmd := exec.FakeCmd{
CombinedOutputScript: []exec.FakeCombinedOutputAction{
Allow proxy to run on systems with iptables <1.4.11
2014-11-11 00:53:26 +00:00
// iptables version check
func() ([]byte, error) { return []byte("iptables v1.9.22"), nil },
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
// Success on the first call.
func() ([]byte, error) { return []byte{}, nil },
// Success on the second call.
func() ([]byte, error) { return []byte{}, nil },
},
}
Add support for git volumes.
2014-10-21 23:23:05 +00:00
fexec := exec.FakeExec{
CommandScript: []exec.FakeCommandAction{
Allow proxy to run on systems with iptables <1.4.11
2014-11-11 00:53:26 +00:00
// iptables version check
func(cmd string, args ...string) exec.Cmd { return exec.InitFakeCmd(&fcmd, cmd, args...) },
// The second Command() call is checking the rule. Success of that means delete it.
Add support for git volumes.
2014-10-21 23:23:05 +00:00
func(cmd string, args ...string) exec.Cmd { return exec.InitFakeCmd(&fcmd, cmd, args...) },
func(cmd string, args ...string) exec.Cmd { return exec.InitFakeCmd(&fcmd, cmd, args...) },
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
},
}
Initial ipv6 / iptables work
2014-11-03 16:04:42 +00:00
runner := New(&fexec, ProtocolIpv4)
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
err := runner.DeleteRule(TableNAT, ChainOutput, "abc", "123")
if err != nil {
Clean up error logs. Use %v for errors, tidy some messages, make error messages start lowe-case (as per go guidelines). Just accumulated nits.
2014-11-20 10:00:36 +00:00
t.Errorf("expected success, got %v", err)
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
}
Allow proxy to run on systems with iptables <1.4.11
2014-11-11 00:53:26 +00:00
if fcmd.CombinedOutputCalls != 3 {
t.Errorf("expected 3 CombinedOutput() calls, got %d", fcmd.CombinedOutputCalls)
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
}
Allow proxy to run on systems with iptables <1.4.11
2014-11-11 00:53:26 +00:00
if !util.NewStringSet(fcmd.CombinedOutputLog[2]...).HasAll("iptables", "-t", "nat", "-D", "OUTPUT", "abc", "123") {
Add support for git volumes.
2014-10-21 23:23:05 +00:00
t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[1])
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
}
}
func TestDeleteRuleErrorChecking(t *testing.T) {
Add support for git volumes.
2014-10-21 23:23:05 +00:00
fcmd := exec.FakeCmd{
CombinedOutputScript: []exec.FakeCombinedOutputAction{
Allow proxy to run on systems with iptables <1.4.11
2014-11-11 00:53:26 +00:00
// iptables version check
func() ([]byte, error) { return []byte("iptables v1.9.22"), nil },
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
// Status 2 on the first call.
Add support for git volumes.
2014-10-21 23:23:05 +00:00
func() ([]byte, error) { return nil, &exec.FakeExitError{2} },
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
},
}
Add support for git volumes.
2014-10-21 23:23:05 +00:00
fexec := exec.FakeExec{
CommandScript: []exec.FakeCommandAction{
Allow proxy to run on systems with iptables <1.4.11
2014-11-11 00:53:26 +00:00
// iptables version check
func(cmd string, args ...string) exec.Cmd { return exec.InitFakeCmd(&fcmd, cmd, args...) },
// The second Command() call is checking the rule. Failure of that means create it.
Add support for git volumes.
2014-10-21 23:23:05 +00:00
func(cmd string, args ...string) exec.Cmd { return exec.InitFakeCmd(&fcmd, cmd, args...) },
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
},
}
Initial ipv6 / iptables work
2014-11-03 16:04:42 +00:00
runner := New(&fexec, ProtocolIpv4)
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
err := runner.DeleteRule(TableNAT, ChainOutput, "abc", "123")
if err == nil {
t.Errorf("expected failure")
}
Allow proxy to run on systems with iptables <1.4.11
2014-11-11 00:53:26 +00:00
if fcmd.CombinedOutputCalls != 2 {
t.Errorf("expected 2 CombinedOutput() call, got %d", fcmd.CombinedOutputCalls)
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
}
}
func TestDeleteRuleErrorCreating(t *testing.T) {
Add support for git volumes.
2014-10-21 23:23:05 +00:00
fcmd := exec.FakeCmd{
CombinedOutputScript: []exec.FakeCombinedOutputAction{
Allow proxy to run on systems with iptables <1.4.11
2014-11-11 00:53:26 +00:00
// iptables version check
func() ([]byte, error) { return []byte("iptables v1.9.22"), nil },
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
// Success on the first call.
func() ([]byte, error) { return []byte{}, nil },
// Status 1 on the second call.
Add support for git volumes.
2014-10-21 23:23:05 +00:00
func() ([]byte, error) { return nil, &exec.FakeExitError{1} },
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
},
}
Add support for git volumes.
2014-10-21 23:23:05 +00:00
fexec := exec.FakeExec{
CommandScript: []exec.FakeCommandAction{
Allow proxy to run on systems with iptables <1.4.11
2014-11-11 00:53:26 +00:00
// iptables version check
func(cmd string, args ...string) exec.Cmd { return exec.InitFakeCmd(&fcmd, cmd, args...) },
// The second Command() call is checking the rule. Success of that means delete it.
Add support for git volumes.
2014-10-21 23:23:05 +00:00
func(cmd string, args ...string) exec.Cmd { return exec.InitFakeCmd(&fcmd, cmd, args...) },
func(cmd string, args ...string) exec.Cmd { return exec.InitFakeCmd(&fcmd, cmd, args...) },
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
},
}
Initial ipv6 / iptables work
2014-11-03 16:04:42 +00:00
runner := New(&fexec, ProtocolIpv4)
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
err := runner.DeleteRule(TableNAT, ChainOutput, "abc", "123")
if err == nil {
t.Errorf("expected failure")
}
Allow proxy to run on systems with iptables <1.4.11
2014-11-11 00:53:26 +00:00
if fcmd.CombinedOutputCalls != 3 {
t.Errorf("expected 3 CombinedOutput() calls, got %d", fcmd.CombinedOutputCalls)
}
}
func TestGetIptablesHasCheckCommand(t *testing.T) {
testCases := []struct {
Version string
Err bool
Expected bool
}{
{"iptables v1.4.7", false, false},
{"iptables v1.4.11", false, true},
{"iptables v1.4.19.1", false, true},
{"iptables v2.0.0", false, true},
{"total junk", true, false},
}
for _, testCase := range testCases {
fcmd := exec.FakeCmd{
CombinedOutputScript: []exec.FakeCombinedOutputAction{
func() ([]byte, error) { return []byte(testCase.Version), nil },
},
}
fexec := exec.FakeExec{
CommandScript: []exec.FakeCommandAction{
func(cmd string, args ...string) exec.Cmd { return exec.InitFakeCmd(&fcmd, cmd, args...) },
},
}
check, err := getIptablesHasCheckCommand(&fexec)
if (err != nil) != testCase.Err {
t.Errorf("Expected error: %v, Got error: %v", testCase.Err, err)
}
if err == nil && testCase.Expected != check {
fix 'go vet' warnings
2014-11-20 12:42:48 +00:00
t.Errorf("Expected result: %v, Got result: %v", testCase.Expected, check)
Allow proxy to run on systems with iptables <1.4.11
2014-11-11 00:53:26 +00:00
}
}
}
func TestExtractIptablesVersion(t *testing.T) {
testCases := []struct {
Version string
V1 int
V2 int
V3 int
Err bool
}{
{"iptables v1.4.7", 1, 4, 7, false},
{"iptables v1.4.11", 1, 4, 11, false},
{"iptables v0.2.5", 0, 2, 5, false},
{"iptables v1.2.3.4.5.6", 1, 2, 3, false},
{"iptables v1.4", 0, 0, 0, true},
{"iptables v12345.12345.12345.12344", 12345, 12345, 12345, false},
{"total junk", 0, 0, 0, true},
}
for _, testCase := range testCases {
v1, v2, v3, err := extractIptablesVersion(testCase.Version)
if (err != nil) != testCase.Err {
t.Errorf("Expected error: %v, Got error: %v", testCase.Err, err)
}
if err == nil {
if v1 != testCase.V1 {
t.Errorf("First version number incorrect for string \"%s\", got %d, expected %d", testCase.Version, v1, testCase.V1)
}
if v2 != testCase.V2 {
t.Errorf("Second version number incorrect for string \"%s\", got %d, expected %d", testCase.Version, v2, testCase.V2)
}
if v3 != testCase.V3 {
t.Errorf("Third version number incorrect for string \"%s\", got %d, expected %d", testCase.Version, v3, testCase.V3)
}
}
}
}
func TestIptablesHasCheckCommand(t *testing.T) {
testCases := []struct {
V1 int
V2 int
V3 int
Result bool
}{
{0, 55, 55, false},
{1, 0, 55, false},
{1, 4, 10, false},
{1, 4, 11, true},
{1, 4, 19, true},
{1, 5, 0, true},
{2, 0, 0, true},
}
for _, testCase := range testCases {
if result := iptablesHasCheckCommand(testCase.V1, testCase.V2, testCase.V3); result != testCase.Result {
t.Errorf("For %d.%d.%d expected %v got %v", testCase.V1, testCase.V2, testCase.V3, testCase.Result, result)
}
}
}
func TestCheckRuleWithoutCheckPresent(t *testing.T) {
iptables_save_output := `# Generated by iptables-save v1.4.7 on Wed Oct 29 14:56:01 2014
*nat
:PREROUTING ACCEPT [2136997:197881818]
:POSTROUTING ACCEPT [4284525:258542680]
:OUTPUT ACCEPT [5901660:357267963]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
COMMIT
# Completed on Wed Oct 29 14:56:01 2014`
fcmd := exec.FakeCmd{
CombinedOutputScript: []exec.FakeCombinedOutputAction{
// Success.
func() ([]byte, error) { return []byte(iptables_save_output), nil },
},
}
fexec := exec.FakeExec{
CommandScript: []exec.FakeCommandAction{
// The first Command() call is checking the rule. Success of that exec means "done".
func(cmd string, args ...string) exec.Cmd { return exec.InitFakeCmd(&fcmd, cmd, args...) },
},
}
runner := &runner{exec: &fexec}
exists, err := runner.checkRuleWithoutCheck(TableNAT, ChainPrerouting, "-m", "addrtype", "-j", "DOCKER", "--dst-type", "LOCAL")
if err != nil {
Clean up error logs. Use %v for errors, tidy some messages, make error messages start lowe-case (as per go guidelines). Just accumulated nits.
2014-11-20 10:00:36 +00:00
t.Errorf("expected success, got %v", err)
Allow proxy to run on systems with iptables <1.4.11
2014-11-11 00:53:26 +00:00
}
if !exists {
t.Errorf("expected exists = true")
}
if fcmd.CombinedOutputCalls != 1 {
t.Errorf("expected 1 CombinedOutput() call, got %d", fcmd.CombinedOutputCalls)
}
if !util.NewStringSet(fcmd.CombinedOutputLog[0]...).HasAll("iptables-save", "-t", "nat") {
t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[0])
}
}
func TestCheckRuleWithoutCheckAbsent(t *testing.T) {
iptables_save_output := `# Generated by iptables-save v1.4.7 on Wed Oct 29 14:56:01 2014
*nat
:PREROUTING ACCEPT [2136997:197881818]
:POSTROUTING ACCEPT [4284525:258542680]
:OUTPUT ACCEPT [5901660:357267963]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
COMMIT
# Completed on Wed Oct 29 14:56:01 2014`
fcmd := exec.FakeCmd{
CombinedOutputScript: []exec.FakeCombinedOutputAction{
// Success.
func() ([]byte, error) { return []byte(iptables_save_output), nil },
},
}
fexec := exec.FakeExec{
CommandScript: []exec.FakeCommandAction{
// The first Command() call is checking the rule. Success of that exec means "done".
func(cmd string, args ...string) exec.Cmd { return exec.InitFakeCmd(&fcmd, cmd, args...) },
},
}
runner := &runner{exec: &fexec}
exists, err := runner.checkRuleWithoutCheck(TableNAT, ChainPrerouting, "-m", "addrtype", "-j", "DOCKER")
if err != nil {
Clean up error logs. Use %v for errors, tidy some messages, make error messages start lowe-case (as per go guidelines). Just accumulated nits.
2014-11-20 10:00:36 +00:00
t.Errorf("expected success, got %v", err)
Allow proxy to run on systems with iptables <1.4.11
2014-11-11 00:53:26 +00:00
}
if exists {
t.Errorf("expected exists = false")
}
if fcmd.CombinedOutputCalls != 1 {
t.Errorf("expected 1 CombinedOutput() call, got %d", fcmd.CombinedOutputCalls)
}
if !util.NewStringSet(fcmd.CombinedOutputLog[0]...).HasAll("iptables-save", "-t", "nat") {
t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[0])
Add a pkg for iptables support This makes iptables an injectable dependency. The test for this started off simple, but got a bit out of hand. It's starting to become a mocking framework.
2014-09-22 06:58:11 +00:00
}
}