diff --git a/hack/.golint_failures b/hack/.golint_failures index 6460660a444..9038c00c361 100644 --- a/hack/.golint_failures +++ b/hack/.golint_failures @@ -217,7 +217,6 @@ pkg/ssh pkg/util/config pkg/util/ebtables pkg/util/goroutinemap/exponentialbackoff -pkg/util/iptables/testing pkg/util/labels # See previous effort in PR #80685 pkg/util/oom pkg/util/procfs diff --git a/pkg/util/iptables/testing/fake.go b/pkg/util/iptables/testing/fake.go index c95d9810a65..8d365708ed8 100644 --- a/pkg/util/iptables/testing/fake.go +++ b/pkg/util/iptables/testing/fake.go 
@@ -26,80 +26,105 @@ import ( ) const ( + // Destination represents the destination address flag Destination = "-d " - Source = "-s " - DPort = "--dport " - Protocol = "-p " - Jump = "-j " - Reject = "REJECT" - ToDest = "--to-destination " - Recent = "recent " - MatchSet = "--match-set " - SrcType = "--src-type " - Masquerade = "MASQUERADE " + // Source represents the source address flag + Source = "-s " + // DPort represents the destination port flag + DPort = "--dport " + // Protocol represents the protocol flag + Protocol = "-p " + // Jump represents jump flag specifies the jump target + Jump = "-j " + // Reject specifies the reject target + Reject = "REJECT" + // ToDest represents the flag used to specify the destination address in DNAT + ToDest = "--to-destination " + // Recent represents the sub-command recent that allows to dynamically create list of IP address to match against + Recent = "recent " + // MatchSet represents the flag which match packets against the specified set + MatchSet = "--match-set " + // SrcType represents the --src-type flag which matches if the source address is of given type + SrcType = "--src-type " + // Masquerade represents the target that is used in nat table. + Masquerade = "MASQUERADE " ) +// Rule holds a map of rules. type Rule map[string]string -// no-op implementation of iptables Interface +// FakeIPTables is no-op implementation of iptables Interface. 
type FakeIPTables struct { hasRandomFully bool Lines []byte } +// NewFake returns a no-op iptables.Interface func NewFake() *FakeIPTables { return &FakeIPTables{} } +// SetHasRandomFully is part of iptables.Interface func (f *FakeIPTables) SetHasRandomFully(can bool) *FakeIPTables { f.hasRandomFully = can return f } +// EnsureChain is part of iptables.Interface func (*FakeIPTables) EnsureChain(table iptables.Table, chain iptables.Chain) (bool, error) { return true, nil } +// FlushChain is part of iptables.Interface func (*FakeIPTables) FlushChain(table iptables.Table, chain iptables.Chain) error { return nil } +// DeleteChain is part of iptables.Interface func (*FakeIPTables) DeleteChain(table iptables.Table, chain iptables.Chain) error { return nil } +// EnsureRule is part of iptables.Interface func (*FakeIPTables) EnsureRule(position iptables.RulePosition, table iptables.Table, chain iptables.Chain, args ...string) (bool, error) { return true, nil } +// DeleteRule is part of iptables.Interface func (*FakeIPTables) DeleteRule(table iptables.Table, chain iptables.Chain, args ...string) error { return nil } +// IsIpv6 is part of iptables.Interface func (*FakeIPTables) IsIpv6() bool { return false } +// Save is part of iptables.Interface func (f *FakeIPTables) Save(table iptables.Table) ([]byte, error) { lines := make([]byte, len(f.Lines)) copy(lines, f.Lines) return lines, nil } +// SaveInto is part of iptables.Interface func (f *FakeIPTables) SaveInto(table iptables.Table, buffer *bytes.Buffer) error { buffer.Write(f.Lines) return nil } +// Restore is part of iptables.Interface func (*FakeIPTables) Restore(table iptables.Table, data []byte, flush iptables.FlushFlag, counters iptables.RestoreCountersFlag) error { return nil } +// RestoreAll is part of iptables.Interface func (f *FakeIPTables) RestoreAll(data []byte, flush iptables.FlushFlag, counters iptables.RestoreCountersFlag) error { f.Lines = data return nil } +// Monitor is part of iptables.Interface func (f 
*FakeIPTables) Monitor(canary iptables.Chain, tables []iptables.Table, reloadFunc func(), interval time.Duration, stopCh <-chan struct{}) { } @@ -111,9 +136,7 @@ func getToken(line, separator string) string { return "" } -// GetChain returns a list of rules for the given chain. -// The chain name must match exactly. -// The matching is pretty dumb, don't rely on it for anything but testing. +// GetRules is part of iptables.Interface func (f *FakeIPTables) GetRules(chainName string) (rules []Rule) { for _, l := range strings.Split(string(f.Lines), "\n") { if strings.Contains(l, fmt.Sprintf("-A %v", chainName)) { @@ -130,6 +153,7 @@ func (f *FakeIPTables) GetRules(chainName string) (rules []Rule) { return } +// HasRandomFully is part of iptables.Interface func (f *FakeIPTables) HasRandomFully() bool { return f.hasRandomFully }
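Review bot: The added comment `// SetHasRandomFully is part of iptables.Interface` cannot be accurate, because the method returns `*FakeIPTables`, a type declared in this testing package, which itself imports `iptables`; the interface could not name that type without an import cycle. A comment such as `// SetHasRandomFully sets the value reported by HasRandomFully and returns f so calls can be chained.` matches what the body does. `// Rule holds a map of rules.` also looks off, since `GetRules` returns `[]Rule` and each value appears to be a single parsed rule; `// Rule is one parsed rule, keyed by flag constant such as Destination.` would fit if that reading is right. The Jump comment reads as two fused phrases and could be `// Jump represents the flag that specifies the jump target`.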
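Review bot: Replacing the old comment with `// GetRules is part of iptables.Interface` drops the only warning about how loose the matching is, and the new claim looks wrong: `GetRules` returns `[]Rule`, a type from this testing package, so `iptables.Interface` cannot declare it. The visible body selects lines with `strings.Contains(l, fmt.Sprintf("-A %v", chainName))`, which is a substring test. A chain name that is a prefix of another chain's name therefore also picks up that chain's rules, and a test asserting on firewall rules can pass against the wrong chain. I would keep the caveat, for example `// GetRules returns the rules parsed from lines of f.Lines containing "-A <chainName>"; this is a substring match and is only suitable for tests.` The rest of the function body lies between this hunk and the next and is not shown.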