Merge pull request #121813 from 21kyu/fix/use-generic-set
fix: use generic set in pkg/util/iptables
commit
015ccc0bcd
@ -446,7 +446,6 @@ func iptablesRestoreCommand(protocol Protocol) string {
|
||||
return cmdIP6TablesRestore
|
||||
}
|
||||
return cmdIPTablesRestore
|
||||
|
||||
}
|
||||
|
||||
func iptablesCommand(protocol Protocol) string {
|
||||
@ -509,10 +508,10 @@ func (runner *runner) checkRuleWithoutCheck(table Table, chain Chain, args ...st
|
||||
tmpField = trimhex(tmpField)
|
||||
argsCopy = append(argsCopy, strings.Fields(tmpField)...)
|
||||
}
|
||||
argset := sets.NewString(argsCopy...)
|
||||
argset := sets.New(argsCopy...)
|
||||
|
||||
for _, line := range strings.Split(string(out), "\n") {
|
||||
var fields = strings.Fields(line)
|
||||
fields := strings.Fields(line)
|
||||
|
||||
// Check that this is a rule for the correct chain, and that it has
|
||||
// the correct number of argument (+2 for "-A <chain name>")
|
||||
@ -528,7 +527,7 @@ func (runner *runner) checkRuleWithoutCheck(table Table, chain Chain, args ...st
|
||||
}
|
||||
|
||||
// TODO: This misses reorderings e.g. "-x foo ! -y bar" will match "! -x foo -y bar"
|
||||
if sets.NewString(fields...).IsSuperset(argset) {
|
||||
if sets.New(fields...).IsSuperset(argset) {
|
||||
return true, nil
|
||||
}
|
||||
klog.V(5).InfoS("DBG: fields is not a superset of args", "fields", fields, "arguments", args)
|
||||
@ -603,7 +602,6 @@ func (runner *runner) Monitor(canary Chain, tables []Table, reloadFunc func(), i
|
||||
}
|
||||
return true, nil
|
||||
}, stopCh)
|
||||
|
||||
if err != nil {
|
||||
// stopCh was closed
|
||||
for _, table := range tables {
|
||||
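Review bot: In checkRuleWithoutCheck the rewritten line `if sets.New(fields...).IsSuperset(argset) {` still decides whether a firewall rule exists by unordered token containment, so position and duplicate tokens are lost on both sides. As the TODO above it says, a rule whose negation or values sit on different matches is reported as present; the caller then presumably skips installing the intended rule, although that path is outside the hunk. Since this line is being touched, I would state the consequence next to the TODO, for example `// NOTE: unordered, duplicate-collapsing match; a differently arranged rule is reported as present, so the requested rule may never be added.` The function body starts and ends outside the visible hunks, so the preceding length check can only be inferred from the comment about "+2 for -A <chain name>".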
|
@ -64,12 +64,12 @@ func testIPTablesVersionCmds(t *testing.T, protocol Protocol) {
|
||||
_ = New(fexec, protocol)
|
||||
|
||||
// Check that proper iptables version command was used during runner instantiation
|
||||
if !sets.NewString(fcmd.CombinedOutputLog[0]...).HasAll(iptablesCmd, "--version") {
|
||||
if !sets.New(fcmd.CombinedOutputLog[0]...).HasAll(iptablesCmd, "--version") {
|
||||
t.Errorf("%s runner instantiate: Expected cmd '%s --version', Got '%s'", protocol, iptablesCmd, fcmd.CombinedOutputLog[0])
|
||||
}
|
||||
|
||||
// Check that proper iptables restore version command was used during runner instantiation
|
||||
if !sets.NewString(fcmd.CombinedOutputLog[1]...).HasAll(iptablesRestoreCmd, "--version") {
|
||||
if !sets.New(fcmd.CombinedOutputLog[1]...).HasAll(iptablesRestoreCmd, "--version") {
|
||||
t.Errorf("%s runner instantiate: Expected cmd '%s --version', Got '%s'", protocol, iptablesRestoreCmd, fcmd.CombinedOutputLog[1])
|
||||
}
|
||||
}
|
||||
@ -116,7 +116,7 @@ func testEnsureChain(t *testing.T, protocol Protocol) {
|
||||
t.Errorf("%s new chain: Expected 2 CombinedOutput() calls, got %d", protocol, fcmd.CombinedOutputCalls)
|
||||
}
|
||||
cmd := iptablesCommand(protocol)
|
||||
if !sets.NewString(fcmd.CombinedOutputLog[1]...).HasAll(cmd, "-t", "nat", "-N", "FOOBAR") {
|
||||
if !sets.New(fcmd.CombinedOutputLog[1]...).HasAll(cmd, "-t", "nat", "-N", "FOOBAR") {
|
||||
t.Errorf("%s new chain: Expected cmd containing '%s -t nat -N FOOBAR', got %s", protocol, cmd, fcmd.CombinedOutputLog[2])
|
||||
}
|
||||
// Exists.
|
||||
@ -169,7 +169,7 @@ func TestFlushChain(t *testing.T) {
|
||||
if fcmd.CombinedOutputCalls != 2 {
|
||||
t.Errorf("expected 2 CombinedOutput() calls, got %d", fcmd.CombinedOutputCalls)
|
||||
}
|
||||
if !sets.NewString(fcmd.CombinedOutputLog[1]...).HasAll("iptables", "-t", "nat", "-F", "FOOBAR") {
|
||||
if !sets.New(fcmd.CombinedOutputLog[1]...).HasAll("iptables", "-t", "nat", "-F", "FOOBAR") {
|
||||
t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[2])
|
||||
}
|
||||
// Failure.
|
||||
@ -206,7 +206,7 @@ func TestDeleteChain(t *testing.T) {
|
||||
if fcmd.CombinedOutputCalls != 2 {
|
||||
t.Errorf("expected 2 CombinedOutput() calls, got %d", fcmd.CombinedOutputCalls)
|
||||
}
|
||||
if !sets.NewString(fcmd.CombinedOutputLog[1]...).HasAll("iptables", "-t", "nat", "-X", "FOOBAR") {
|
||||
if !sets.New(fcmd.CombinedOutputLog[1]...).HasAll("iptables", "-t", "nat", "-X", "FOOBAR") {
|
||||
t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[2])
|
||||
}
|
||||
// Failure.
|
||||
@ -244,7 +244,7 @@ func TestEnsureRuleAlreadyExists(t *testing.T) {
|
||||
if fcmd.CombinedOutputCalls != 2 {
|
||||
t.Errorf("expected 2 CombinedOutput() calls, got %d", fcmd.CombinedOutputCalls)
|
||||
}
|
||||
if !sets.NewString(fcmd.CombinedOutputLog[1]...).HasAll("iptables", "-t", "nat", "-C", "OUTPUT", "abc", "123") {
|
||||
if !sets.New(fcmd.CombinedOutputLog[1]...).HasAll("iptables", "-t", "nat", "-C", "OUTPUT", "abc", "123") {
|
||||
t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[2])
|
||||
}
|
||||
}
|
||||
@ -280,7 +280,7 @@ func TestEnsureRuleNew(t *testing.T) {
|
||||
if fcmd.CombinedOutputCalls != 3 {
|
||||
t.Errorf("expected 3 CombinedOutput() calls, got %d", fcmd.CombinedOutputCalls)
|
||||
}
|
||||
if !sets.NewString(fcmd.CombinedOutputLog[2]...).HasAll("iptables", "-t", "nat", "-A", "OUTPUT", "abc", "123") {
|
||||
if !sets.New(fcmd.CombinedOutputLog[2]...).HasAll("iptables", "-t", "nat", "-A", "OUTPUT", "abc", "123") {
|
||||
t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[3])
|
||||
}
|
||||
}
|
||||
@ -367,7 +367,7 @@ func TestDeleteRuleDoesNotExist(t *testing.T) {
|
||||
if fcmd.CombinedOutputCalls != 2 {
|
||||
t.Errorf("expected 2 CombinedOutput() calls, got %d", fcmd.CombinedOutputCalls)
|
||||
}
|
||||
if !sets.NewString(fcmd.CombinedOutputLog[1]...).HasAll("iptables", "-t", "nat", "-C", "OUTPUT", "abc", "123") {
|
||||
if !sets.New(fcmd.CombinedOutputLog[1]...).HasAll("iptables", "-t", "nat", "-C", "OUTPUT", "abc", "123") {
|
||||
t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[2])
|
||||
}
|
||||
}
|
||||
@ -400,7 +400,7 @@ func TestDeleteRuleExists(t *testing.T) {
|
||||
if fcmd.CombinedOutputCalls != 3 {
|
||||
t.Errorf("expected 3 CombinedOutput() calls, got %d", fcmd.CombinedOutputCalls)
|
||||
}
|
||||
if !sets.NewString(fcmd.CombinedOutputLog[2]...).HasAll("iptables", "-t", "nat", "-D", "OUTPUT", "abc", "123") {
|
||||
if !sets.New(fcmd.CombinedOutputLog[2]...).HasAll("iptables", "-t", "nat", "-D", "OUTPUT", "abc", "123") {
|
||||
t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[3])
|
||||
}
|
||||
}
|
||||
@ -562,7 +562,7 @@ COMMIT
|
||||
if fcmd.CombinedOutputCalls != 1 {
|
||||
t.Errorf("expected 1 CombinedOutput() call, got %d", fcmd.CombinedOutputCalls)
|
||||
}
|
||||
if !sets.NewString(fcmd.CombinedOutputLog[0]...).HasAll("iptables-save", "-t", "nat") {
|
||||
if !sets.New(fcmd.CombinedOutputLog[0]...).HasAll("iptables-save", "-t", "nat") {
|
||||
t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[0])
|
||||
}
|
||||
}
|
||||
@ -600,7 +600,7 @@ COMMIT
|
||||
if fcmd.CombinedOutputCalls != 1 {
|
||||
t.Errorf("expected 1 CombinedOutput() call, got %d", fcmd.CombinedOutputCalls)
|
||||
}
|
||||
if !sets.NewString(fcmd.CombinedOutputLog[0]...).HasAll("iptables-save", "-t", "nat") {
|
||||
if !sets.New(fcmd.CombinedOutputLog[0]...).HasAll("iptables-save", "-t", "nat") {
|
||||
t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[0])
|
||||
}
|
||||
}
|
||||
@ -656,7 +656,7 @@ func TestWaitFlagUnavailable(t *testing.T) {
|
||||
if fcmd.CombinedOutputCalls != 3 {
|
||||
t.Errorf("expected 3 CombinedOutput() calls, got %d", fcmd.CombinedOutputCalls)
|
||||
}
|
||||
if sets.NewString(fcmd.CombinedOutputLog[2]...).Has(WaitString) {
|
||||
if sets.New(fcmd.CombinedOutputLog[2]...).Has(WaitString) {
|
||||
t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[2])
|
||||
}
|
||||
}
|
||||
@ -687,10 +687,10 @@ func TestWaitFlagOld(t *testing.T) {
|
||||
if fcmd.CombinedOutputCalls != 3 {
|
||||
t.Errorf("expected 3 CombinedOutput() calls, got %d", fcmd.CombinedOutputCalls)
|
||||
}
|
||||
if !sets.NewString(fcmd.CombinedOutputLog[2]...).HasAll("iptables", WaitString) {
|
||||
if !sets.New(fcmd.CombinedOutputLog[2]...).HasAll("iptables", WaitString) {
|
||||
t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[2])
|
||||
}
|
||||
if sets.NewString(fcmd.CombinedOutputLog[2]...).Has(WaitSecondsValue) {
|
||||
if sets.New(fcmd.CombinedOutputLog[2]...).Has(WaitSecondsValue) {
|
||||
t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[2])
|
||||
}
|
||||
}
|
||||
@ -721,7 +721,7 @@ func TestWaitFlagNew(t *testing.T) {
|
||||
if fcmd.CombinedOutputCalls != 3 {
|
||||
t.Errorf("expected 3 CombinedOutput() calls, got %d", fcmd.CombinedOutputCalls)
|
||||
}
|
||||
if !sets.NewString(fcmd.CombinedOutputLog[2]...).HasAll("iptables", WaitString, WaitSecondsValue) {
|
||||
if !sets.New(fcmd.CombinedOutputLog[2]...).HasAll("iptables", WaitString, WaitSecondsValue) {
|
||||
t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[2])
|
||||
}
|
||||
}
|
||||
@ -752,7 +752,7 @@ func TestWaitIntervalFlagNew(t *testing.T) {
|
||||
if fcmd.CombinedOutputCalls != 3 {
|
||||
t.Errorf("expected 3 CombinedOutput() calls, got %d", fcmd.CombinedOutputCalls)
|
||||
}
|
||||
if !sets.NewString(fcmd.CombinedOutputLog[2]...).HasAll("iptables", WaitString, WaitSecondsValue, WaitIntervalString, WaitIntervalUsecondsValue) {
|
||||
if !sets.New(fcmd.CombinedOutputLog[2]...).HasAll("iptables", WaitString, WaitSecondsValue, WaitIntervalString, WaitIntervalUsecondsValue) {
|
||||
t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[2])
|
||||
}
|
||||
}
|
||||
@ -808,7 +808,7 @@ COMMIT
|
||||
if fcmd.RunCalls != 1 {
|
||||
t.Errorf("%s: Expected 1 Run() call, got %d", protocol, fcmd.RunCalls)
|
||||
}
|
||||
if !sets.NewString(fcmd.RunLog[0]...).HasAll(iptablesSaveCmd, "-t", "nat") {
|
||||
if !sets.New(fcmd.RunLog[0]...).HasAll(iptablesSaveCmd, "-t", "nat") {
|
||||
t.Errorf("%s: Expected cmd containing '%s -t nat', got '%s'", protocol, iptablesSaveCmd, fcmd.RunLog[0])
|
||||
}
|
||||
|
||||
@ -865,7 +865,7 @@ func testRestore(t *testing.T, protocol Protocol) {
|
||||
t.Errorf("%s flush,restore: Expected success, got %v", protocol, err)
|
||||
}
|
||||
|
||||
commandSet := sets.NewString(fcmd.CombinedOutputLog[1]...)
|
||||
commandSet := sets.New(fcmd.CombinedOutputLog[1]...)
|
||||
if !commandSet.HasAll(iptablesRestoreCmd, "-T", string(TableNAT), "--counters") || commandSet.HasAny("--noflush") {
|
||||
t.Errorf("%s flush, restore: Expected cmd containing '%s -T %s --counters', got '%s'", protocol, iptablesRestoreCmd, string(TableNAT), fcmd.CombinedOutputLog[1])
|
||||
}
|
||||
@ -876,7 +876,7 @@ func testRestore(t *testing.T, protocol Protocol) {
|
||||
t.Errorf("%s flush, no restore: Expected success, got %v", protocol, err)
|
||||
}
|
||||
|
||||
commandSet = sets.NewString(fcmd.CombinedOutputLog[2]...)
|
||||
commandSet = sets.New(fcmd.CombinedOutputLog[2]...)
|
||||
if !commandSet.HasAll(iptablesRestoreCmd, "-T", string(TableNAT)) || commandSet.HasAny("--noflush", "--counters") {
|
||||
t.Errorf("%s flush, no restore: Expected cmd containing '--noflush' or '--counters', got '%s'", protocol, fcmd.CombinedOutputLog[2])
|
||||
}
|
||||
@ -887,7 +887,7 @@ func testRestore(t *testing.T, protocol Protocol) {
|
||||
t.Errorf("%s no flush, restore: Expected success, got %v", protocol, err)
|
||||
}
|
||||
|
||||
commandSet = sets.NewString(fcmd.CombinedOutputLog[3]...)
|
||||
commandSet = sets.New(fcmd.CombinedOutputLog[3]...)
|
||||
if !commandSet.HasAll(iptablesRestoreCmd, "-T", string(TableNAT), "--noflush", "--counters") {
|
||||
t.Errorf("%s no flush, restore: Expected cmd containing '--noflush' and '--counters', got '%s'", protocol, fcmd.CombinedOutputLog[3])
|
||||
}
|
||||
@ -898,7 +898,7 @@ func testRestore(t *testing.T, protocol Protocol) {
|
||||
t.Errorf("%s no flush, no restore: Expected success, got %v", protocol, err)
|
||||
}
|
||||
|
||||
commandSet = sets.NewString(fcmd.CombinedOutputLog[4]...)
|
||||
commandSet = sets.New(fcmd.CombinedOutputLog[4]...)
|
||||
if !commandSet.HasAll(iptablesRestoreCmd, "-T", string(TableNAT), "--noflush") || commandSet.HasAny("--counters") {
|
||||
t.Errorf("%s no flush, no restore: Expected cmd containing '%s -T %s --noflush', got '%s'", protocol, iptablesRestoreCmd, string(TableNAT), fcmd.CombinedOutputLog[4])
|
||||
}
|
||||
@ -947,7 +947,7 @@ func TestRestoreAll(t *testing.T) {
|
||||
t.Fatalf("expected success, got %v", err)
|
||||
}
|
||||
|
||||
commandSet := sets.NewString(fcmd.CombinedOutputLog[1]...)
|
||||
commandSet := sets.New(fcmd.CombinedOutputLog[1]...)
|
||||
if !commandSet.HasAll("iptables-restore", "--counters", "--noflush") {
|
||||
t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[2])
|
||||
}
|
||||
@ -988,7 +988,7 @@ func TestRestoreAllWait(t *testing.T) {
|
||||
t.Fatalf("expected success, got %v", err)
|
||||
}
|
||||
|
||||
commandSet := sets.NewString(fcmd.CombinedOutputLog[1]...)
|
||||
commandSet := sets.New(fcmd.CombinedOutputLog[1]...)
|
||||
if !commandSet.HasAll("iptables-restore", WaitString, WaitSecondsValue, WaitIntervalString, WaitIntervalUsecondsValue, "--counters", "--noflush") {
|
||||
t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[1])
|
||||
}
|
||||
@ -1036,7 +1036,7 @@ func TestRestoreAllWaitOldIptablesRestore(t *testing.T) {
|
||||
t.Fatalf("expected success, got %v", err)
|
||||
}
|
||||
|
||||
commandSet := sets.NewString(fcmd.CombinedOutputLog[2]...)
|
||||
commandSet := sets.New(fcmd.CombinedOutputLog[2]...)
|
||||
if !commandSet.HasAll("iptables-restore", "--counters", "--noflush") {
|
||||
t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[2])
|
||||
}
|
||||
@ -1180,7 +1180,7 @@ func TestRestoreAllWaitBackportedIptablesRestore(t *testing.T) {
|
||||
t.Fatalf("expected success, got %v", err)
|
||||
}
|
||||
|
||||
commandSet := sets.NewString(fcmd.CombinedOutputLog[2]...)
|
||||
commandSet := sets.New(fcmd.CombinedOutputLog[2]...)
|
||||
if !commandSet.HasAll("iptables-restore", "--counters", "--noflush") {
|
||||
t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[2])
|
||||
}
|
||||
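Review bot: Several assertions in this file test one log entry and print a different one on failure. In testEnsureChain the check reads `fcmd.CombinedOutputLog[1]` but the `t.Errorf` prints `fcmd.CombinedOutputLog[2]`. The same off-by-one appears in TestFlushChain, TestDeleteChain, TestEnsureRuleAlreadyExists, TestDeleteRuleDoesNotExist and TestRestoreAll ([1] checked, [2] printed), and in TestEnsureRuleNew and TestDeleteRuleExists ([2] checked, [3] printed). If the log holds exactly as many entries as the call count asserted just above (inferred, the fake is not shown), the failure path panics with an index out of range instead of reporting the command that was built. Each message should print the index it checked, e.g. `fcmd.CombinedOutputLog[1]` in place of `fcmd.CombinedOutputLog[2]`, so a regression in the generated iptables command line is shown as is.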
|
@ -41,17 +41,17 @@ import (
|
||||
type monitorFakeExec struct {
|
||||
sync.Mutex
|
||||
|
||||
tables map[string]sets.String
|
||||
tables map[string]sets.Set[string]
|
||||
|
||||
block bool
|
||||
wasBlocked bool
|
||||
}
|
||||
|
||||
func newMonitorFakeExec() *monitorFakeExec {
|
||||
tables := make(map[string]sets.String)
|
||||
tables["mangle"] = sets.NewString()
|
||||
tables["filter"] = sets.NewString()
|
||||
tables["nat"] = sets.NewString()
|
||||
tables := make(map[string]sets.Set[string])
|
||||
tables["mangle"] = sets.New[string]()
|
||||
tables["filter"] = sets.New[string]()
|
||||
tables["nat"] = sets.New[string]()
|
||||
return &monitorFakeExec{tables: tables}
|
||||
}
|
||||
|
||||
@ -148,33 +148,43 @@ func (mfc *monitorFakeCmd) SetStdin(in io.Reader) {
|
||||
func (mfc *monitorFakeCmd) Run() error {
|
||||
panic("should not be reached")
|
||||
}
|
||||
|
||||
func (mfc *monitorFakeCmd) Output() ([]byte, error) {
|
||||
panic("should not be reached")
|
||||
}
|
||||
|
||||
func (mfc *monitorFakeCmd) SetDir(dir string) {
|
||||
panic("should not be reached")
|
||||
}
|
||||
|
||||
func (mfc *monitorFakeCmd) SetStdout(out io.Writer) {
|
||||
panic("should not be reached")
|
||||
}
|
||||
|
||||
func (mfc *monitorFakeCmd) SetStderr(out io.Writer) {
|
||||
panic("should not be reached")
|
||||
}
|
||||
|
||||
func (mfc *monitorFakeCmd) SetEnv(env []string) {
|
||||
panic("should not be reached")
|
||||
}
|
||||
|
||||
func (mfc *monitorFakeCmd) StdoutPipe() (io.ReadCloser, error) {
|
||||
panic("should not be reached")
|
||||
}
|
||||
|
||||
func (mfc *monitorFakeCmd) StderrPipe() (io.ReadCloser, error) {
|
||||
panic("should not be reached")
|
||||
}
|
||||
|
||||
func (mfc *monitorFakeCmd) Start() error {
|
||||
panic("should not be reached")
|
||||
}
|
||||
|
||||
func (mfc *monitorFakeCmd) Wait() error {
|
||||
panic("should not be reached")
|
||||
}
|
||||
|
||||
func (mfc *monitorFakeCmd) Stop() {
|
||||
panic("should not be reached")
|
||||
}
|
||||
|
@ -219,7 +219,7 @@ func (f *FakeIPTables) SaveInto(table iptables.Table, buffer *bytes.Buffer) erro
|
||||
}
|
||||
|
||||
// This is not a complete list but it's enough to pass the unit tests
|
||||
var builtinTargets = sets.NewString("ACCEPT", "DROP", "RETURN", "REJECT", "DNAT", "SNAT", "MASQUERADE", "MARK")
|
||||
var builtinTargets = sets.New("ACCEPT", "DROP", "RETURN", "REJECT", "DNAT", "SNAT", "MASQUERADE", "MARK")
|
||||
|
||||
func (f *FakeIPTables) restoreTable(newDump *IPTablesDump, newTable *Table, flush iptables.FlushFlag, counters iptables.RestoreCountersFlag) error {
|
||||
oldTable, err := f.Dump.GetTable(newTable.Name)
|
||||
|