Merge pull request #85562 from gkarthiks/master

golint fixes for /pkg/util/iptables/testing
Kubernetes Prow Robot 2019-11-27 10:46:45 -08:00 committed by GitHub
commit c58b63267c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 38 additions and 15 deletions


@ -217,7 +217,6 @@ pkg/ssh
pkg/util/config pkg/util/config
pkg/util/ebtables pkg/util/ebtables
pkg/util/goroutinemap/exponentialbackoff pkg/util/goroutinemap/exponentialbackoff
pkg/util/iptables/testing
pkg/util/labels # See previous effort in PR #80685 pkg/util/labels # See previous effort in PR #80685
pkg/util/oom pkg/util/oom
pkg/util/procfs pkg/util/procfs


@ -26,80 +26,105 @@ import (
) )
const ( const (
// Destination represents the destination address flag
Destination = "-d " Destination = "-d "
Source = "-s " // Source represents the source address flag
DPort = "--dport " Source = "-s "
Protocol = "-p " // DPort represents the destination port flag
Jump = "-j " DPort = "--dport "
Reject = "REJECT" // Protocol represents the protocol flag
ToDest = "--to-destination " Protocol = "-p "
Recent = "recent " // Jump represents jump flag specifies the jump target
MatchSet = "--match-set " Jump = "-j "
SrcType = "--src-type " // Reject specifies the reject target
Masquerade = "MASQUERADE " Reject = "REJECT"
// ToDest represents the flag used to specify the destination address in DNAT
ToDest = "--to-destination "
// Recent represents the sub-command recent that allows to dynamically create list of IP address to match against
Recent = "recent "
// MatchSet represents the flag which match packets against the specified set
MatchSet = "--match-set "
// SrcType represents the --src-type flag which matches if the source address is of given type
SrcType = "--src-type "
// Masquerade represents the target that is used in nat table.
Masquerade = "MASQUERADE "
) )
// Rule holds a map of rules.
type Rule map[string]string type Rule map[string]string
// no-op implementation of iptables Interface // FakeIPTables is no-op implementation of iptables Interface.
type FakeIPTables struct { type FakeIPTables struct {
hasRandomFully bool hasRandomFully bool
Lines []byte Lines []byte
} }
// NewFake returns a no-op iptables.Interface
func NewFake() *FakeIPTables { func NewFake() *FakeIPTables {
return &FakeIPTables{} return &FakeIPTables{}
} }
// SetHasRandomFully is part of iptables.Interface
func (f *FakeIPTables) SetHasRandomFully(can bool) *FakeIPTables { func (f *FakeIPTables) SetHasRandomFully(can bool) *FakeIPTables {
f.hasRandomFully = can f.hasRandomFully = can
return f return f
} }
// EnsureChain is part of iptables.Interface
func (*FakeIPTables) EnsureChain(table iptables.Table, chain iptables.Chain) (bool, error) { func (*FakeIPTables) EnsureChain(table iptables.Table, chain iptables.Chain) (bool, error) {
return true, nil return true, nil
} }
// FlushChain is part of iptables.Interface
func (*FakeIPTables) FlushChain(table iptables.Table, chain iptables.Chain) error { func (*FakeIPTables) FlushChain(table iptables.Table, chain iptables.Chain) error {
return nil return nil
} }
// DeleteChain is part of iptables.Interface
func (*FakeIPTables) DeleteChain(table iptables.Table, chain iptables.Chain) error { func (*FakeIPTables) DeleteChain(table iptables.Table, chain iptables.Chain) error {
return nil return nil
} }
// EnsureRule is part of iptables.Interface
func (*FakeIPTables) EnsureRule(position iptables.RulePosition, table iptables.Table, chain iptables.Chain, args ...string) (bool, error) { func (*FakeIPTables) EnsureRule(position iptables.RulePosition, table iptables.Table, chain iptables.Chain, args ...string) (bool, error) {
return true, nil return true, nil
} }
// DeleteRule is part of iptables.Interface
func (*FakeIPTables) DeleteRule(table iptables.Table, chain iptables.Chain, args ...string) error { func (*FakeIPTables) DeleteRule(table iptables.Table, chain iptables.Chain, args ...string) error {
return nil return nil
} }
// IsIpv6 is part of iptables.Interface
func (*FakeIPTables) IsIpv6() bool { func (*FakeIPTables) IsIpv6() bool {
return false return false
} }
// Save is part of iptables.Interface
func (f *FakeIPTables) Save(table iptables.Table) ([]byte, error) { func (f *FakeIPTables) Save(table iptables.Table) ([]byte, error) {
lines := make([]byte, len(f.Lines)) lines := make([]byte, len(f.Lines))
copy(lines, f.Lines) copy(lines, f.Lines)
return lines, nil return lines, nil
} }
// SaveInto is part of iptables.Interface
func (f *FakeIPTables) SaveInto(table iptables.Table, buffer *bytes.Buffer) error { func (f *FakeIPTables) SaveInto(table iptables.Table, buffer *bytes.Buffer) error {
buffer.Write(f.Lines) buffer.Write(f.Lines)
return nil return nil
} }
// Restore is part of iptables.Interface
func (*FakeIPTables) Restore(table iptables.Table, data []byte, flush iptables.FlushFlag, counters iptables.RestoreCountersFlag) error { func (*FakeIPTables) Restore(table iptables.Table, data []byte, flush iptables.FlushFlag, counters iptables.RestoreCountersFlag) error {
return nil return nil
} }
// RestoreAll is part of iptables.Interface
func (f *FakeIPTables) RestoreAll(data []byte, flush iptables.FlushFlag, counters iptables.RestoreCountersFlag) error { func (f *FakeIPTables) RestoreAll(data []byte, flush iptables.FlushFlag, counters iptables.RestoreCountersFlag) error {
f.Lines = data f.Lines = data
return nil return nil
} }
// Monitor is part of iptables.Interface
func (f *FakeIPTables) Monitor(canary iptables.Chain, tables []iptables.Table, reloadFunc func(), interval time.Duration, stopCh <-chan struct{}) { func (f *FakeIPTables) Monitor(canary iptables.Chain, tables []iptables.Table, reloadFunc func(), interval time.Duration, stopCh <-chan struct{}) {
} }
@ -111,9 +136,7 @@ func getToken(line, separator string) string {
return "" return ""
} }
// GetChain returns a list of rules for the given chain. // GetRules is part of iptables.Interface
// The chain name must match exactly.
// The matching is pretty dumb, don't rely on it for anything but testing.
func (f *FakeIPTables) GetRules(chainName string) (rules []Rule) { func (f *FakeIPTables) GetRules(chainName string) (rules []Rule) {
for _, l := range strings.Split(string(f.Lines), "\n") { for _, l := range strings.Split(string(f.Lines), "\n") {
if strings.Contains(l, fmt.Sprintf("-A %v", chainName)) { if strings.Contains(l, fmt.Sprintf("-A %v", chainName)) {
@ -130,6 +153,7 @@ func (f *FakeIPTables) GetRules(chainName string) (rules []Rule) {
return return
} }
// HasRandomFully is part of iptables.Interface
func (f *FakeIPTables) HasRandomFully() bool { func (f *FakeIPTables) HasRandomFully() bool {
return f.hasRandomFully return f.hasRandomFully
} }
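Review bot: The new comment on GetRules, `// GetRules is part of iptables.Interface`, removes the only warning that this helper's matching is loose, and it is probably inaccurate. GetRules returns `[]Rule`, a type declared in this testing package, so it looks like a fake-only helper rather than an interface method; the same doubt applies to SetHasRandomFully, which returns `*FakeIPTables`. The visible body selects lines with `strings.Contains(l, fmt.Sprintf("-A %v", chainName))`, so a chain name that is a prefix of another chain's name also matches, and a test asserting on firewall rules can pass against the wrong chain. I would keep the caveat, for example `// GetRules returns the rules parsed from f.Lines for chainName; matching is a substring test on "-A <chain>", so rely on it only in tests.` The rest of the GetRules body lies between the two hunks and is not shown here.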