diff --git a/pkg/util/iptables/iptables.go b/pkg/util/iptables/iptables.go index 0d8135e3297..8533a1ca624 100644 --- a/pkg/util/iptables/iptables.go +++ b/pkg/util/iptables/iptables.go @@ -446,7 +446,6 @@ func iptablesRestoreCommand(protocol Protocol) string { return cmdIP6TablesRestore } return cmdIPTablesRestore - } func iptablesCommand(protocol Protocol) string { @@ -509,10 +508,10 @@ func (runner *runner) checkRuleWithoutCheck(table Table, chain Chain, args ...st tmpField = trimhex(tmpField) argsCopy = append(argsCopy, strings.Fields(tmpField)...) } - argset := sets.NewString(argsCopy...) + argset := sets.New(argsCopy...) for _, line := range strings.Split(string(out), "\n") { - var fields = strings.Fields(line) + fields := strings.Fields(line) // Check that this is a rule for the correct chain, and that it has // the correct number of argument (+2 for "-A ") @@ -528,7 +527,7 @@ func (runner *runner) checkRuleWithoutCheck(table Table, chain Chain, args ...st } // TODO: This misses reorderings e.g. "-x foo ! -y bar" will match "! -x foo -y bar" - if sets.NewString(fields...).IsSuperset(argset) { + if sets.New(fields...).IsSuperset(argset) { return true, nil } klog.V(5).InfoS("DBG: fields is not a superset of args", "fields", fields, "arguments", args) @@ -603,7 +602,6 @@ func (runner *runner) Monitor(canary Chain, tables []Table, reloadFunc func(), i } return true, nil }, stopCh) - if err != nil { // stopCh was closed for _, table := range tables { diff --git a/pkg/util/iptables/iptables_test.go b/pkg/util/iptables/iptables_test.go index b23ac7170e4..652b7786431 100644 --- a/pkg/util/iptables/iptables_test.go +++ b/pkg/util/iptables/iptables_test.go 
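Review bot: In checkRuleWithoutCheck, `sets.New(fields...).IsSuperset(argset)` still decides whether a rule is present by unordered token membership, so the false positive described in the TODO directly above it survives the migration: a saved rule whose `!` negates a different match than in the requested rule is reported as present. If callers use this result to skip installing the rule (not visible in these hunks), a rule with the opposite sense could stand in for the intended one. Consider joining each `!` to the token that follows it, on both sides, before building the sets. At minimum the comment should say that a true result is not proof the exact rule exists, e.g. `// NOTE: set comparison ignores order and repeats; a match may be a false positive`. The function body starts and ends outside these hunks.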
@@ -64,12 +64,12 @@ func testIPTablesVersionCmds(t *testing.T, protocol Protocol) { _ = New(fexec, protocol) // Check that proper iptables version command was used during runner instantiation - if !sets.NewString(fcmd.CombinedOutputLog[0]...).HasAll(iptablesCmd, "--version") { + if !sets.New(fcmd.CombinedOutputLog[0]...).HasAll(iptablesCmd, "--version") { t.Errorf("%s runner instantiate: Expected cmd '%s --version', Got '%s'", protocol, iptablesCmd, fcmd.CombinedOutputLog[0]) } // Check that proper iptables restore version command was used during runner instantiation - if !sets.NewString(fcmd.CombinedOutputLog[1]...).HasAll(iptablesRestoreCmd, "--version") { + if !sets.New(fcmd.CombinedOutputLog[1]...).HasAll(iptablesRestoreCmd, "--version") { t.Errorf("%s runner instantiate: Expected cmd '%s --version', Got '%s'", protocol, iptablesRestoreCmd, fcmd.CombinedOutputLog[1]) } } @@ -116,7 +116,7 @@ func testEnsureChain(t *testing.T, protocol Protocol) { t.Errorf("%s new chain: Expected 2 CombinedOutput() calls, got %d", protocol, fcmd.CombinedOutputCalls) } cmd := iptablesCommand(protocol) - if !sets.NewString(fcmd.CombinedOutputLog[1]...).HasAll(cmd, "-t", "nat", "-N", "FOOBAR") { + if !sets.New(fcmd.CombinedOutputLog[1]...).HasAll(cmd, "-t", "nat", "-N", "FOOBAR") { t.Errorf("%s new chain: Expected cmd containing '%s -t nat -N FOOBAR', got %s", protocol, cmd, fcmd.CombinedOutputLog[2]) } // Exists. @@ -169,7 +169,7 @@ func TestFlushChain(t *testing.T) { if fcmd.CombinedOutputCalls != 2 { t.Errorf("expected 2 CombinedOutput() calls, got %d", fcmd.CombinedOutputCalls) } - if !sets.NewString(fcmd.CombinedOutputLog[1]...).HasAll("iptables", "-t", "nat", "-F", "FOOBAR") { + if !sets.New(fcmd.CombinedOutputLog[1]...).HasAll("iptables", "-t", "nat", "-F", "FOOBAR") { t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[2]) } // Failure. 
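Review bot: In testEnsureChain the assertion inspects `fcmd.CombinedOutputLog[1]` but the failure message formats `fcmd.CombinedOutputLog[2]`, so a failing check would report a different command than the one it tested. The preceding check expects `CombinedOutputCalls` to be 2, so if the log holds one entry per call, index 2 is out of range and the test would panic instead of reporting. The same mismatch between checked and printed index appears in the hunks for TestFlushChain, TestDeleteChain, TestEnsureRuleAlreadyExists, TestEnsureRuleNew, TestDeleteRuleDoesNotExist, TestDeleteRuleExists and TestRestoreAll. Since the adjacent lines are being touched anyway, print the entry that was checked, e.g. end the call with `protocol, cmd, fcmd.CombinedOutputLog[1])`. These tests pin the exact iptables command line issued, so the failure output needs to show the command that actually failed the check.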
@@ -206,7 +206,7 @@ func TestDeleteChain(t *testing.T) { if fcmd.CombinedOutputCalls != 2 { t.Errorf("expected 2 CombinedOutput() calls, got %d", fcmd.CombinedOutputCalls) } - if !sets.NewString(fcmd.CombinedOutputLog[1]...).HasAll("iptables", "-t", "nat", "-X", "FOOBAR") { + if !sets.New(fcmd.CombinedOutputLog[1]...).HasAll("iptables", "-t", "nat", "-X", "FOOBAR") { t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[2]) } // Failure. @@ -244,7 +244,7 @@ func TestEnsureRuleAlreadyExists(t *testing.T) { if fcmd.CombinedOutputCalls != 2 { t.Errorf("expected 2 CombinedOutput() calls, got %d", fcmd.CombinedOutputCalls) } - if !sets.NewString(fcmd.CombinedOutputLog[1]...).HasAll("iptables", "-t", "nat", "-C", "OUTPUT", "abc", "123") { + if !sets.New(fcmd.CombinedOutputLog[1]...).HasAll("iptables", "-t", "nat", "-C", "OUTPUT", "abc", "123") { t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[2]) } } @@ -280,7 +280,7 @@ func TestEnsureRuleNew(t *testing.T) { if fcmd.CombinedOutputCalls != 3 { t.Errorf("expected 3 CombinedOutput() calls, got %d", fcmd.CombinedOutputCalls) } - if !sets.NewString(fcmd.CombinedOutputLog[2]...).HasAll("iptables", "-t", "nat", "-A", "OUTPUT", "abc", "123") { + if !sets.New(fcmd.CombinedOutputLog[2]...).HasAll("iptables", "-t", "nat", "-A", "OUTPUT", "abc", "123") { t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[3]) } } @@ -367,7 +367,7 @@ func TestDeleteRuleDoesNotExist(t *testing.T) { if fcmd.CombinedOutputCalls != 2 { t.Errorf("expected 2 CombinedOutput() calls, got %d", fcmd.CombinedOutputCalls) } - if !sets.NewString(fcmd.CombinedOutputLog[1]...).HasAll("iptables", "-t", "nat", "-C", "OUTPUT", "abc", "123") { + if !sets.New(fcmd.CombinedOutputLog[1]...).HasAll("iptables", "-t", "nat", "-C", "OUTPUT", "abc", "123") { t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[2]) } } 
@@ -400,7 +400,7 @@ func TestDeleteRuleExists(t *testing.T) { if fcmd.CombinedOutputCalls != 3 { t.Errorf("expected 3 CombinedOutput() calls, got %d", fcmd.CombinedOutputCalls) } - if !sets.NewString(fcmd.CombinedOutputLog[2]...).HasAll("iptables", "-t", "nat", "-D", "OUTPUT", "abc", "123") { + if !sets.New(fcmd.CombinedOutputLog[2]...).HasAll("iptables", "-t", "nat", "-D", "OUTPUT", "abc", "123") { t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[3]) } } @@ -562,7 +562,7 @@ COMMIT if fcmd.CombinedOutputCalls != 1 { t.Errorf("expected 1 CombinedOutput() call, got %d", fcmd.CombinedOutputCalls) } - if !sets.NewString(fcmd.CombinedOutputLog[0]...).HasAll("iptables-save", "-t", "nat") { + if !sets.New(fcmd.CombinedOutputLog[0]...).HasAll("iptables-save", "-t", "nat") { t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[0]) } } @@ -600,7 +600,7 @@ COMMIT if fcmd.CombinedOutputCalls != 1 { t.Errorf("expected 1 CombinedOutput() call, got %d", fcmd.CombinedOutputCalls) } - if !sets.NewString(fcmd.CombinedOutputLog[0]...).HasAll("iptables-save", "-t", "nat") { + if !sets.New(fcmd.CombinedOutputLog[0]...).HasAll("iptables-save", "-t", "nat") { t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[0]) } } @@ -656,7 +656,7 @@ func TestWaitFlagUnavailable(t *testing.T) { if fcmd.CombinedOutputCalls != 3 { t.Errorf("expected 3 CombinedOutput() calls, got %d", fcmd.CombinedOutputCalls) } - if sets.NewString(fcmd.CombinedOutputLog[2]...).Has(WaitString) { + if sets.New(fcmd.CombinedOutputLog[2]...).Has(WaitString) { t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[2]) } } 
@@ -687,10 +687,10 @@ func TestWaitFlagOld(t *testing.T) { if fcmd.CombinedOutputCalls != 3 { t.Errorf("expected 3 CombinedOutput() calls, got %d", fcmd.CombinedOutputCalls) } - if !sets.NewString(fcmd.CombinedOutputLog[2]...).HasAll("iptables", WaitString) { + if !sets.New(fcmd.CombinedOutputLog[2]...).HasAll("iptables", WaitString) { t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[2]) } - if sets.NewString(fcmd.CombinedOutputLog[2]...).Has(WaitSecondsValue) { + if sets.New(fcmd.CombinedOutputLog[2]...).Has(WaitSecondsValue) { t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[2]) } } @@ -721,7 +721,7 @@ func TestWaitFlagNew(t *testing.T) { if fcmd.CombinedOutputCalls != 3 { t.Errorf("expected 3 CombinedOutput() calls, got %d", fcmd.CombinedOutputCalls) } - if !sets.NewString(fcmd.CombinedOutputLog[2]...).HasAll("iptables", WaitString, WaitSecondsValue) { + if !sets.New(fcmd.CombinedOutputLog[2]...).HasAll("iptables", WaitString, WaitSecondsValue) { t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[2]) } } @@ -752,7 +752,7 @@ func TestWaitIntervalFlagNew(t *testing.T) { if fcmd.CombinedOutputCalls != 3 { t.Errorf("expected 3 CombinedOutput() calls, got %d", fcmd.CombinedOutputCalls) } - if !sets.NewString(fcmd.CombinedOutputLog[2]...).HasAll("iptables", WaitString, WaitSecondsValue, WaitIntervalString, WaitIntervalUsecondsValue) { + if !sets.New(fcmd.CombinedOutputLog[2]...).HasAll("iptables", WaitString, WaitSecondsValue, WaitIntervalString, WaitIntervalUsecondsValue) { t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[2]) } } 
@@ -808,7 +808,7 @@ COMMIT if fcmd.RunCalls != 1 { t.Errorf("%s: Expected 1 Run() call, got %d", protocol, fcmd.RunCalls) } - if !sets.NewString(fcmd.RunLog[0]...).HasAll(iptablesSaveCmd, "-t", "nat") { + if !sets.New(fcmd.RunLog[0]...).HasAll(iptablesSaveCmd, "-t", "nat") { t.Errorf("%s: Expected cmd containing '%s -t nat', got '%s'", protocol, iptablesSaveCmd, fcmd.RunLog[0]) } @@ -865,7 +865,7 @@ func testRestore(t *testing.T, protocol Protocol) { t.Errorf("%s flush,restore: Expected success, got %v", protocol, err) } - commandSet := sets.NewString(fcmd.CombinedOutputLog[1]...) + commandSet := sets.New(fcmd.CombinedOutputLog[1]...) if !commandSet.HasAll(iptablesRestoreCmd, "-T", string(TableNAT), "--counters") || commandSet.HasAny("--noflush") { t.Errorf("%s flush, restore: Expected cmd containing '%s -T %s --counters', got '%s'", protocol, iptablesRestoreCmd, string(TableNAT), fcmd.CombinedOutputLog[1]) } @@ -876,7 +876,7 @@ func testRestore(t *testing.T, protocol Protocol) { t.Errorf("%s flush, no restore: Expected success, got %v", protocol, err) } - commandSet = sets.NewString(fcmd.CombinedOutputLog[2]...) + commandSet = sets.New(fcmd.CombinedOutputLog[2]...) if !commandSet.HasAll(iptablesRestoreCmd, "-T", string(TableNAT)) || commandSet.HasAny("--noflush", "--counters") { t.Errorf("%s flush, no restore: Expected cmd containing '--noflush' or '--counters', got '%s'", protocol, fcmd.CombinedOutputLog[2]) } @@ -887,7 +887,7 @@ func testRestore(t *testing.T, protocol Protocol) { t.Errorf("%s no flush, restore: Expected success, got %v", protocol, err) } - commandSet = sets.NewString(fcmd.CombinedOutputLog[3]...) + commandSet = sets.New(fcmd.CombinedOutputLog[3]...) if !commandSet.HasAll(iptablesRestoreCmd, "-T", string(TableNAT), "--noflush", "--counters") { t.Errorf("%s no flush, restore: Expected cmd containing '--noflush' and '--counters', got '%s'", protocol, fcmd.CombinedOutputLog[3]) } 
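Review bot: In testRestore's "flush, no restore" case the message states the opposite of what is asserted: the check fails when `--noflush` or `--counters` is present, yet the text reads `Expected cmd containing '--noflush' or '--counters'`. Whether `--noflush` is passed decides if the existing table contents are flushed on restore, so the message should name the flags that were unexpected. A wording in line with the sibling cases would be `"%s flush, no restore: Expected cmd containing '%s -T %s' without '--noflush' or '--counters', got '%s'"`, with `iptablesRestoreCmd` and `string(TableNAT)` added to the arguments. testRestore's body extends outside this hunk.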
@@ -898,7 +898,7 @@ func testRestore(t *testing.T, protocol Protocol) { t.Errorf("%s no flush, no restore: Expected success, got %v", protocol, err) } - commandSet = sets.NewString(fcmd.CombinedOutputLog[4]...) + commandSet = sets.New(fcmd.CombinedOutputLog[4]...) if !commandSet.HasAll(iptablesRestoreCmd, "-T", string(TableNAT), "--noflush") || commandSet.HasAny("--counters") { t.Errorf("%s no flush, no restore: Expected cmd containing '%s -T %s --noflush', got '%s'", protocol, iptablesRestoreCmd, string(TableNAT), fcmd.CombinedOutputLog[4]) } @@ -947,7 +947,7 @@ func TestRestoreAll(t *testing.T) { t.Fatalf("expected success, got %v", err) } - commandSet := sets.NewString(fcmd.CombinedOutputLog[1]...) + commandSet := sets.New(fcmd.CombinedOutputLog[1]...) if !commandSet.HasAll("iptables-restore", "--counters", "--noflush") { t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[2]) } @@ -988,7 +988,7 @@ func TestRestoreAllWait(t *testing.T) { t.Fatalf("expected success, got %v", err) } - commandSet := sets.NewString(fcmd.CombinedOutputLog[1]...) + commandSet := sets.New(fcmd.CombinedOutputLog[1]...) if !commandSet.HasAll("iptables-restore", WaitString, WaitSecondsValue, WaitIntervalString, WaitIntervalUsecondsValue, "--counters", "--noflush") { t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[1]) } @@ -1036,7 +1036,7 @@ func TestRestoreAllWaitOldIptablesRestore(t *testing.T) { t.Fatalf("expected success, got %v", err) } - commandSet := sets.NewString(fcmd.CombinedOutputLog[2]...) + commandSet := sets.New(fcmd.CombinedOutputLog[2]...) if !commandSet.HasAll("iptables-restore", "--counters", "--noflush") { t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[2]) } 
@@ -1180,7 +1180,7 @@ func TestRestoreAllWaitBackportedIptablesRestore(t *testing.T) { t.Fatalf("expected success, got %v", err) } - commandSet := sets.NewString(fcmd.CombinedOutputLog[2]...) + commandSet := sets.New(fcmd.CombinedOutputLog[2]...) if !commandSet.HasAll("iptables-restore", "--counters", "--noflush") { t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[2]) } diff --git a/pkg/util/iptables/monitor_test.go b/pkg/util/iptables/monitor_test.go index e604abbb9d1..de522c59ef6 100644 --- a/pkg/util/iptables/monitor_test.go +++ b/pkg/util/iptables/monitor_test.go @@ -41,17 +41,17 @@ import ( type monitorFakeExec struct { sync.Mutex - tables map[string]sets.String + tables map[string]sets.Set[string] block bool wasBlocked bool } func newMonitorFakeExec() *monitorFakeExec { - tables := make(map[string]sets.String) - tables["mangle"] = sets.NewString() - tables["filter"] = sets.NewString() - tables["nat"] = sets.NewString() + tables := make(map[string]sets.Set[string]) + tables["mangle"] = sets.New[string]() + tables["filter"] = sets.New[string]() + tables["nat"] = sets.New[string]() return &monitorFakeExec{tables: tables} } 
@@ -148,33 +148,43 @@ func (mfc *monitorFakeCmd) SetStdin(in io.Reader) { func (mfc *monitorFakeCmd) Run() error { panic("should not be reached") } + func (mfc *monitorFakeCmd) Output() ([]byte, error) { panic("should not be reached") } + func (mfc *monitorFakeCmd) SetDir(dir string) { panic("should not be reached") } + func (mfc *monitorFakeCmd) SetStdout(out io.Writer) { panic("should not be reached") } + func (mfc *monitorFakeCmd) SetStderr(out io.Writer) { panic("should not be reached") } + func (mfc *monitorFakeCmd) SetEnv(env []string) { panic("should not be reached") } + func (mfc *monitorFakeCmd) StdoutPipe() (io.ReadCloser, error) { panic("should not be reached") } + func (mfc *monitorFakeCmd) StderrPipe() (io.ReadCloser, error) { panic("should not be reached") } + func (mfc *monitorFakeCmd) Start() error { panic("should not be reached") } + func (mfc *monitorFakeCmd) Wait() error { panic("should not be reached") } + func (mfc *monitorFakeCmd) Stop() { panic("should not be reached") } diff --git a/pkg/util/iptables/testing/fake.go b/pkg/util/iptables/testing/fake.go index 165d364eddf..10c91b3021e 100644 --- a/pkg/util/iptables/testing/fake.go +++ b/pkg/util/iptables/testing/fake.go @@ -219,7 +219,7 @@ func (f *FakeIPTables) SaveInto(table iptables.Table, buffer *bytes.Buffer) erro } // This is not a complete list but it's enough to pass the unit tests -var builtinTargets = sets.NewString("ACCEPT", "DROP", "RETURN", "REJECT", "DNAT", "SNAT", "MASQUERADE", "MARK") +var builtinTargets = sets.New("ACCEPT", "DROP", "RETURN", "REJECT", "DNAT", "SNAT", "MASQUERADE", "MARK") func (f *FakeIPTables) restoreTable(newDump *IPTablesDump, newTable *Table, flush iptables.FlushFlag, counters iptables.RestoreCountersFlag) error { oldTable, err := f.Dump.GetTable(newTable.Name)