From 4988699c2f26965ca99928f853656c37df6a1c48 Mon Sep 17 00:00:00 2001
From: Dan Winship <danwinship@redhat.com>
Date: Wed, 1 Jun 2022 10:55:15 -0400
Subject: [PATCH] Use dedent to fix GetChainLines() tests

The test was calling GetChainLines() on invalid pseudo-iptables-save
output where most of the lines were indented. GetChainLines() happened
to still parse this "correctly", but it would be better to be testing
it on actually-correct data.
---
 pkg/util/iptables/save_restore_test.go | 122 +++++++++++++------------
 1 file changed, 63 insertions(+), 59 deletions(-)

diff --git a/pkg/util/iptables/save_restore_test.go b/pkg/util/iptables/save_restore_test.go
index 5a7695f3f68..52b4f420511 100644
--- a/pkg/util/iptables/save_restore_test.go
+++ b/pkg/util/iptables/save_restore_test.go
@@ -18,6 +18,8 @@ package iptables
 
 import (
 	"testing"
+
+	"github.com/lithammer/dedent"
 )
 
 func TestReadLinesFromByteBuffer(t *testing.T) {
@@ -67,14 +69,15 @@ func checkAllLines(t *testing.T, table Table, save []byte, expectedLines map[Cha
 }
 
 func TestGetChainLines(t *testing.T) {
-	iptablesSave := `# Generated by iptables-save v1.4.7 on Wed Oct 29 14:56:01 2014
-	*nat
-	:PREROUTING ACCEPT [2136997:197881818]
-	:POSTROUTING ACCEPT [4284525:258542680]
-	:OUTPUT ACCEPT [5901660:357267963]
-	-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-	COMMIT
-	# Completed on Wed Oct 29 14:56:01 2014`
+	iptablesSave := dedent.Dedent(
+		`# Generated by iptables-save v1.4.7 on Wed Oct 29 14:56:01 2014
+		*nat
+		:PREROUTING ACCEPT [2136997:197881818]
+		:POSTROUTING ACCEPT [4284525:258542680]
+		:OUTPUT ACCEPT [5901660:357267963]
+		-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
+		COMMIT
+		# Completed on Wed Oct 29 14:56:01 2014`)
 	expected := map[Chain]string{
 		ChainPrerouting:  ":PREROUTING ACCEPT [2136997:197881818]",
 		ChainPostrouting: ":POSTROUTING ACCEPT [4284525:258542680]",
@@ -84,57 +87,58 @@ func TestGetChainLines(t *testing.T) {
 }
 
 func TestGetChainLinesMultipleTables(t *testing.T) {
-	iptablesSave := `# Generated by iptables-save v1.4.21 on Fri Aug  7 14:47:37 2015
-	*nat
-	:PREROUTING ACCEPT [2:138]
-	:INPUT ACCEPT [0:0]
-	:OUTPUT ACCEPT [0:0]
-	:POSTROUTING ACCEPT [0:0]
-	:DOCKER - [0:0]
-	:KUBE-NODEPORT-CONTAINER - [0:0]
-	:KUBE-NODEPORT-HOST - [0:0]
-	:KUBE-PORTALS-CONTAINER - [0:0]
-	:KUBE-PORTALS-HOST - [0:0]
-	:KUBE-SVC-1111111111111111 - [0:0]
-	:KUBE-SVC-2222222222222222 - [0:0]
-	:KUBE-SVC-3333333333333333 - [0:0]
-	:KUBE-SVC-4444444444444444 - [0:0]
-	:KUBE-SVC-5555555555555555 - [0:0]
-	:KUBE-SVC-6666666666666666 - [0:0]
-	-A PREROUTING -m comment --comment "handle ClusterIPs; NOTE: this must be before the NodePort rules" -j KUBE-PORTALS-CONTAINER
-	-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-	-A PREROUTING -m addrtype --dst-type LOCAL -m comment --comment "handle service NodePorts; NOTE: this must be the last rule in the chain" -j KUBE-NODEPORT-CONTAINER
-	-A OUTPUT -m comment --comment "handle ClusterIPs; NOTE: this must be before the NodePort rules" -j KUBE-PORTALS-HOST
-	-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-	-A OUTPUT -m addrtype --dst-type LOCAL -m comment --comment "handle service NodePorts; NOTE: this must be the last rule in the chain" -j KUBE-NODEPORT-HOST
-	-A POSTROUTING -s 10.246.1.0/24 ! -o cbr0 -j MASQUERADE
-	-A POSTROUTING -s 10.0.2.15 -d 10.0.2.15 -m comment --comment "handle pod connecting to self" -j MASQUERADE
-	-A KUBE-PORTALS-CONTAINER -d 10.247.0.1 -p tcp -m comment --comment "portal for default/kubernetes:" -m state --state NEW -m tcp --dport 443 -j KUBE-SVC-5555555555555555
-	-A KUBE-PORTALS-CONTAINER -d 10.247.0.10 -p udp -m comment --comment "portal for kube-system/kube-dns:dns" -m state --state NEW -m udp --dport 53 -j KUBE-SVC-6666666666666666
-	-A KUBE-PORTALS-CONTAINER -d 10.247.0.10 -p tcp -m comment --comment "portal for kube-system/kube-dns:dns-tcp" -m state --state NEW -m tcp --dport 53 -j KUBE-SVC-2222222222222222
-	-A KUBE-PORTALS-HOST -d 10.247.0.1 -p tcp -m comment --comment "portal for default/kubernetes:" -m state --state NEW -m tcp --dport 443 -j KUBE-SVC-5555555555555555
-	-A KUBE-PORTALS-HOST -d 10.247.0.10 -p udp -m comment --comment "portal for kube-system/kube-dns:dns" -m state --state NEW -m udp --dport 53 -j KUBE-SVC-6666666666666666
-	-A KUBE-PORTALS-HOST -d 10.247.0.10 -p tcp -m comment --comment "portal for kube-system/kube-dns:dns-tcp" -m state --state NEW -m tcp --dport 53 -j KUBE-SVC-2222222222222222
-	-A KUBE-SVC-1111111111111111 -p udp -m comment --comment "kube-system/kube-dns:dns" -m recent --set --name KUBE-SVC-1111111111111111 --mask 255.255.255.255 --rsource -j DNAT --to-destination 10.246.1.2:53
-	-A KUBE-SVC-2222222222222222 -m comment --comment "kube-system/kube-dns:dns-tcp" -j KUBE-SVC-3333333333333333
-	-A KUBE-SVC-3333333333333333 -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp" -m recent --set --name KUBE-SVC-3333333333333333 --mask 255.255.255.255 --rsource -j DNAT --to-destination 10.246.1.2:53
-	-A KUBE-SVC-4444444444444444 -p tcp -m comment --comment "default/kubernetes:" -m recent --set --name KUBE-SVC-4444444444444444 --mask 255.255.255.255 --rsource -j DNAT --to-destination 10.245.1.2:443
-	-A KUBE-SVC-5555555555555555 -m comment --comment "default/kubernetes:" -j KUBE-SVC-4444444444444444
-	-A KUBE-SVC-6666666666666666 -m comment --comment "kube-system/kube-dns:dns" -j KUBE-SVC-1111111111111111
-	COMMIT
-	# Completed on Fri Aug  7 14:47:37 2015
-	# Generated by iptables-save v1.4.21 on Fri Aug  7 14:47:37 2015
-	*filter
-	:INPUT ACCEPT [17514:83115836]
-	:FORWARD ACCEPT [0:0]
-	:OUTPUT ACCEPT [8909:688225]
-	:DOCKER - [0:0]
-	-A FORWARD -o cbr0 -j DOCKER
-	-A FORWARD -o cbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-	-A FORWARD -i cbr0 ! -o cbr0 -j ACCEPT
-	-A FORWARD -i cbr0 -o cbr0 -j ACCEPT
-	COMMIT
-	`
+	iptablesSave := dedent.Dedent(
+		`# Generated by iptables-save v1.4.21 on Fri Aug  7 14:47:37 2015
+		*nat
+		:PREROUTING ACCEPT [2:138]
+		:INPUT ACCEPT [0:0]
+		:OUTPUT ACCEPT [0:0]
+		:POSTROUTING ACCEPT [0:0]
+		:DOCKER - [0:0]
+		:KUBE-NODEPORT-CONTAINER - [0:0]
+		:KUBE-NODEPORT-HOST - [0:0]
+		:KUBE-PORTALS-CONTAINER - [0:0]
+		:KUBE-PORTALS-HOST - [0:0]
+		:KUBE-SVC-1111111111111111 - [0:0]
+		:KUBE-SVC-2222222222222222 - [0:0]
+		:KUBE-SVC-3333333333333333 - [0:0]
+		:KUBE-SVC-4444444444444444 - [0:0]
+		:KUBE-SVC-5555555555555555 - [0:0]
+		:KUBE-SVC-6666666666666666 - [0:0]
+		-A PREROUTING -m comment --comment "handle ClusterIPs; NOTE: this must be before the NodePort rules" -j KUBE-PORTALS-CONTAINER
+		-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
+		-A PREROUTING -m addrtype --dst-type LOCAL -m comment --comment "handle service NodePorts; NOTE: this must be the last rule in the chain" -j KUBE-NODEPORT-CONTAINER
+		-A OUTPUT -m comment --comment "handle ClusterIPs; NOTE: this must be before the NodePort rules" -j KUBE-PORTALS-HOST
+		-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
+		-A OUTPUT -m addrtype --dst-type LOCAL -m comment --comment "handle service NodePorts; NOTE: this must be the last rule in the chain" -j KUBE-NODEPORT-HOST
+		-A POSTROUTING -s 10.246.1.0/24 ! -o cbr0 -j MASQUERADE
+		-A POSTROUTING -s 10.0.2.15 -d 10.0.2.15 -m comment --comment "handle pod connecting to self" -j MASQUERADE
+		-A KUBE-PORTALS-CONTAINER -d 10.247.0.1 -p tcp -m comment --comment "portal for default/kubernetes:" -m state --state NEW -m tcp --dport 443 -j KUBE-SVC-5555555555555555
+		-A KUBE-PORTALS-CONTAINER -d 10.247.0.10 -p udp -m comment --comment "portal for kube-system/kube-dns:dns" -m state --state NEW -m udp --dport 53 -j KUBE-SVC-6666666666666666
+		-A KUBE-PORTALS-CONTAINER -d 10.247.0.10 -p tcp -m comment --comment "portal for kube-system/kube-dns:dns-tcp" -m state --state NEW -m tcp --dport 53 -j KUBE-SVC-2222222222222222
+		-A KUBE-PORTALS-HOST -d 10.247.0.1 -p tcp -m comment --comment "portal for default/kubernetes:" -m state --state NEW -m tcp --dport 443 -j KUBE-SVC-5555555555555555
+		-A KUBE-PORTALS-HOST -d 10.247.0.10 -p udp -m comment --comment "portal for kube-system/kube-dns:dns" -m state --state NEW -m udp --dport 53 -j KUBE-SVC-6666666666666666
+		-A KUBE-PORTALS-HOST -d 10.247.0.10 -p tcp -m comment --comment "portal for kube-system/kube-dns:dns-tcp" -m state --state NEW -m tcp --dport 53 -j KUBE-SVC-2222222222222222
+		-A KUBE-SVC-1111111111111111 -p udp -m comment --comment "kube-system/kube-dns:dns" -m recent --set --name KUBE-SVC-1111111111111111 --mask 255.255.255.255 --rsource -j DNAT --to-destination 10.246.1.2:53
+		-A KUBE-SVC-2222222222222222 -m comment --comment "kube-system/kube-dns:dns-tcp" -j KUBE-SVC-3333333333333333
+		-A KUBE-SVC-3333333333333333 -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp" -m recent --set --name KUBE-SVC-3333333333333333 --mask 255.255.255.255 --rsource -j DNAT --to-destination 10.246.1.2:53
+		-A KUBE-SVC-4444444444444444 -p tcp -m comment --comment "default/kubernetes:" -m recent --set --name KUBE-SVC-4444444444444444 --mask 255.255.255.255 --rsource -j DNAT --to-destination 10.245.1.2:443
+		-A KUBE-SVC-5555555555555555 -m comment --comment "default/kubernetes:" -j KUBE-SVC-4444444444444444
+		-A KUBE-SVC-6666666666666666 -m comment --comment "kube-system/kube-dns:dns" -j KUBE-SVC-1111111111111111
+		COMMIT
+		# Completed on Fri Aug  7 14:47:37 2015
+		# Generated by iptables-save v1.4.21 on Fri Aug  7 14:47:37 2015
+		*filter
+		:INPUT ACCEPT [17514:83115836]
+		:FORWARD ACCEPT [0:0]
+		:OUTPUT ACCEPT [8909:688225]
+		:DOCKER - [0:0]
+		-A FORWARD -o cbr0 -j DOCKER
+		-A FORWARD -o cbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+		-A FORWARD -i cbr0 ! -o cbr0 -j ACCEPT
+		-A FORWARD -i cbr0 -o cbr0 -j ACCEPT
+		COMMIT
+		`)
 	expected := map[Chain]string{
 		ChainPrerouting:                    ":PREROUTING ACCEPT [2:138]",
 		Chain("INPUT"):                     ":INPUT ACCEPT [0:0]",