Add a unit test for utiliptables.New()

2025-09-14 21:53:52 +00:00 · 2025-01-25 12:06:36 -05:00
parent 9c98d29795
commit f1d0eb4fe4
1 changed files with 162 additions and 32 deletions
--- a/pkg/util/iptables/iptables_test.go
+++ b/pkg/util/iptables/iptables_test.go
@@ -42,44 +42,174 @@ func getLockPaths() (string, string) {
 	return lock14x, lock16x
 }
-func testIPTablesVersionCmds(t *testing.T, protocol Protocol) {
+type testCommand struct {
-	version := " v1.4.22"
+	command string
-	iptablesCmd := iptablesCommand(protocol)
+	action  fakeexec.FakeAction
-	iptablesRestoreCmd := iptablesRestoreCommand(protocol)
+}
-	fcmd := fakeexec.FakeCmd{
+// Creates a FakeExec that expects exactly commands to be run (and will fail otherwise).
-		CombinedOutputScript: []fakeexec.FakeAction{
+func fakeExecForCommands(commands []testCommand) *fakeexec.FakeExec {
 			// iptables version response (for runner instantiation)
 			func() ([]byte, []byte, error) { return []byte(iptablesCmd + version), nil, nil },
 			// iptables-restore version response (for runner instantiation)
 			func() ([]byte, []byte, error) { return []byte(iptablesRestoreCmd + version), nil, nil },
 		},
 	}
 	fexec := &fakeexec.FakeExec{
-		CommandScript: []fakeexec.FakeCommandAction{
+		CommandScript: make([]fakeexec.FakeCommandAction, len(commands)),
-			func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) },
+		ExactOrder:    true,
-			func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) },
+	}
 	for i := range commands {
 		fcmd := fakeexec.FakeCmd{
 			CombinedOutputScript: []fakeexec.FakeAction{commands[i].action},
 		}
 		argv := strings.Fields(commands[i].command)
 		fexec.CommandScript[i] = func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, argv[0], argv[1:]...) }
 	}
 	return fexec
 }
 func TestFakeExecForCommands(t *testing.T) {
 	var panicresult interface{}
 	defer func() {
 		panicresult = recover()
 	}()
 	fake1 := fakeExecForCommands([]testCommand{{
 		command: "foo bar baz",
 		action:  func() ([]byte, []byte, error) { return []byte("output"), nil, nil },
 	}})
 	cmd := fake1.Command("foo", "bar", "baz")
 	out, err := cmd.CombinedOutput()
 	if string(out) != "output" {
 		t.Errorf("fake1: wrong output: expected %q, got %q", "output", out)
 	}
 	if err != nil {
 		t.Errorf("fake1: expected no error, got %v", err)
 	}
 	if panicresult != nil {
 		t.Errorf("fake1: expected no panic, got %q", panicresult)
 	}
 	fake2 := fakeExecForCommands([]testCommand{{
 		command: "foo bar baz",
 		action:  func() ([]byte, []byte, error) { return []byte("output"), nil, nil },
 	}})
 	_ = fake2.Command("foo", "baz")
 	if panicresult == nil {
 		t.Errorf("fake2: expected panic from FakeExec, got none")
 	}
 }
 func TestNew(t *testing.T) {
 	testCases := []struct {
 		name     string
 		commands []testCommand
 		expected *runner
 	}{
 		{
 			name: "ancient",
 			commands: []testCommand{
 				{
 					command: "iptables --version",
 					action:  func() ([]byte, []byte, error) { return []byte("iptables v1.4.0"), nil, nil },
 				},
 				{
 					// iptables-restore version check: ignores --version and just no-ops
 					command: "iptables-restore --version",
 					action:  func() ([]byte, []byte, error) { return nil, nil, nil },
 				},
 			},
 			expected: &runner{
 				hasCheck:        false,
 				hasRandomFully:  false,
 				waitFlag:        nil,
 				restoreWaitFlag: nil,
 			},
 		},
 		{
 			name: "RHEL/CentOS 7",
 			commands: []testCommand{
 				{
 					command: "iptables --version",
 					action:  func() ([]byte, []byte, error) { return []byte("iptables v1.4.21"), nil, nil },
 				},
 				{
 					command: "iptables-restore --version",
 					action:  func() ([]byte, []byte, error) { return []byte("iptables-restore v1.4.21"), nil, nil },
 				},
 			},
 			expected: &runner{
 				hasCheck:        true,
 				hasRandomFully:  false,
 				waitFlag:        []string{"-w"},
 				restoreWaitFlag: []string{"-w"},
 			},
 		},
 		{
 			name: "1.6",
 			commands: []testCommand{
 				{
 					command: "iptables --version",
 					action:  func() ([]byte, []byte, error) { return []byte("iptables v1.6.2"), nil, nil },
 				},
 			},
 			expected: &runner{
 				hasCheck:        true,
 				hasRandomFully:  true,
 				waitFlag:        []string{"-w", "5", "-W", "100000"},
 				restoreWaitFlag: []string{"-w", "5", "-W", "100000"},
 			},
 		},
 		{
 			name: "1.8",
 			commands: []testCommand{
 				{
 					command: "iptables --version",
 					action:  func() ([]byte, []byte, error) { return []byte("iptables v1.8.11"), nil, nil },
 				},
 			},
 			expected: &runner{
 				hasCheck:        true,
 				hasRandomFully:  true,
 				waitFlag:        []string{"-w", "5", "-W", "100000"},
 				restoreWaitFlag: []string{"-w", "5", "-W", "100000"},
 			},
 		},
 		{
 			name: "no iptables",
 			commands: []testCommand{
 				{
 					command: "iptables --version",
 					action:  func() ([]byte, []byte, error) { return nil, nil, fmt.Errorf("no such file or directory") },
 				},
 				{
 					command: "iptables-restore --version",
 					action:  func() ([]byte, []byte, error) { return nil, nil, fmt.Errorf("no such file or directory") },
 				},
 			},
 			expected: &runner{
 				hasCheck:        true,
 				hasRandomFully:  false,
 				waitFlag:        nil,
 				restoreWaitFlag: nil,
 			},
 		},
 	}
 	_ = newInternal(fexec, protocol, "", "")
-	// Check that proper iptables version command was used during runner instantiation
+	for _, tc := range testCases {
-	if !sets.New(fcmd.CombinedOutputLog[0]...).HasAll(iptablesCmd, "--version") {
+		t.Run(tc.name, func(t *testing.T) {
-		t.Errorf("%s runner instantiate: Expected cmd '%s --version', Got '%s'", protocol, iptablesCmd, fcmd.CombinedOutputLog[0])
+			fexec := fakeExecForCommands(tc.commands)
 			runner := newInternal(fexec, ProtocolIPv4, "", "").(*runner)
 			if runner.hasCheck != tc.expected.hasCheck {
 				t.Errorf("Expected hasCheck=%v, got %v", tc.expected.hasCheck, runner.hasCheck)
 			}
-
+			if runner.hasRandomFully != tc.expected.hasRandomFully {
-	// Check that proper iptables restore version command was used during runner instantiation
+				t.Errorf("Expected hasRandomFully=%v, got %v", tc.expected.hasRandomFully, runner.hasRandomFully)
-	if !sets.New(fcmd.CombinedOutputLog[1]...).HasAll(iptablesRestoreCmd, "--version") {
+			}
-		t.Errorf("%s runner instantiate: Expected cmd '%s --version', Got '%s'", protocol, iptablesRestoreCmd, fcmd.CombinedOutputLog[1])
+			if !reflect.DeepEqual(runner.waitFlag, tc.expected.waitFlag) {
 				t.Errorf("Expected waitFlag=%v, got %v", tc.expected.waitFlag, runner.waitFlag)
 			}
 			if !reflect.DeepEqual(runner.restoreWaitFlag, tc.expected.restoreWaitFlag) {
 				t.Errorf("Expected restoreWaitFlag=%v, got %v", tc.expected.restoreWaitFlag, runner.restoreWaitFlag)
 			}
 		})
 	}
 }
 func TestIPTablesVersionCmdsIPv4(t *testing.T) {
 	testIPTablesVersionCmds(t, ProtocolIPv4)
 }
 func TestIPTablesVersionCmdsIPv6(t *testing.T) {
 	testIPTablesVersionCmds(t, ProtocolIPv6)
 }
 func testEnsureChain(t *testing.T, protocol Protocol) {