1 package iptables
2
3 import (
4 "context"
5 "os"
6 "path/filepath"
7 "testing"
8
9 "github.com/spf13/afero"
10 "github.com/stretchr/testify/assert"
11 kruntime "k8s.io/apimachinery/pkg/runtime"
12 utilruntime "k8s.io/apimachinery/pkg/util/runtime"
13 clientgoscheme "k8s.io/client-go/kubernetes/scheme"
14 "sigs.k8s.io/controller-runtime/pkg/client/fake"
15
16 mocks "edge-infra.dev/pkg/lib/kernel/netlink/link/mock"
17 v1ien "edge-infra.dev/pkg/sds/ien/k8s/apis/v1"
18 "edge-infra.dev/pkg/sds/ien/k8s/controllers/nodeagent/config"
19 "edge-infra.dev/test/f2"
20 )
21
// f is the package-wide f2 test framework. TestMain assigns it before any
// test runs, and each test executes its features through f.Test.
var f f2.Framework
23
// expectedFirewallFiles names the egress-gateway rules files the test expects
// to find after the plugin reconciles. The names combine an iptables table
// (nat, filter) with a chain (POSTROUTING, OUTPUT, INPUT, FORWARD).
var expectedFirewallFiles = []string{
	"nat-POSTROUTING-egressgw.rules",
	"filter-OUTPUT-egressgw.rules",
	"filter-INPUT-egressgw.rules",
	"filter-FORWARD-egressgw.rules",
}

// macAddress is the MAC address given to the generated IENode's only network
// entry; it is also the key of the mocked device table below.
var macAddress = "00-B0-D0-63-C2-26"

// devices maps a MAC address to an interface name and is handed to the mock
// netlink implementation.
var devices = map[string]string{
	macAddress: "eth0",
}
36
// TestMain builds the shared f2 framework, stores it in the package-level f,
// and exits the process with the status returned by running the suite.
func TestMain(m *testing.M) {
	framework := f2.New(context.Background(), f2.WithExtensions())
	f = framework.Setup().Teardown()

	status := f.Run(m)
	os.Exit(status)
}
43
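// TestIPTables_ien_firewall_service_available runs Plugin.Reconcile against a
// fake Kubernetes client, a mocked netlink device table and an in-memory
// filesystem that contains an (empty) ien-fw binary, then checks that every
// file listed in expectedFirewallFiles exists under fwDirectory.
//
// NOTE(review): only the existence of the rules files is asserted. Their
// contents are not inspected here, so a regression that wrote empty or overly
// permissive rules would still pass this test; confirm rule contents are
// covered elsewhere.
func TestIPTables_ien_firewall_service_available(t *testing.T) {
	var cfg config.Config
	var memfs afero.Fs
	var ienode *v1ien.IENode

	feature := f2.NewFeature("IPTables plugin").
		Setup("setup testing namespace", func(ctx f2.Context, t *testing.T) f2.Context {
			ienode = genIENode()

			memFS, err := createMemFSWithIENFWBinary()
			assert.NoError(t, err, "creating in-memory filesystem with ien-fw binary")
			memfs = memFS

			kclient := fake.NewClientBuilder().WithScheme(createScheme()).WithObjects(ienode).Build()
			cfg = config.NewConfig(kclient, nil, nil, config.Flags{}).WithFs(memfs).WithNetLinker(&mocks.MockNetLink{Devices: devices})
			return ctx
		}).
		Test("plugin reconciles", func(ctx f2.Context, t *testing.T) f2.Context {
			// Setup has already recorded the failure; reconciling against a nil
			// filesystem would only add an unrelated panic on top of it.
			if memfs == nil {
				return ctx
			}

			_, err := Plugin{}.Reconcile(context.Background(), ienode, cfg)
			// Without a successful reconcile the file checks below are noise.
			if !assert.NoError(t, err, "reconciling iptables plugin") {
				return ctx
			}

			// Each expected file is checked once, and the failure message names
			// the file so a missing chain is identifiable from the test output.
			for _, name := range expectedFirewallFiles {
				exists, err := fileExists(memfs, name)
				assert.NoError(t, err, "checking for rules file %q", name)
				assert.True(t, exists, "expected rules file %q to exist", name)
			}

			return ctx
		}).Feature()

	f.Test(t, feature)
}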
84
// fileExists reports whether name exists inside fwDirectory on memfs, passing
// through any error returned by the filesystem lookup.
func fileExists(memfs afero.Fs, name string) (bool, error) {
	rulesPath := filepath.Join(fwDirectory, name)
	found, err := afero.Exists(memfs, rulesPath)
	return found, err
}
88
// genIENode returns a control-plane IENode whose single network entry carries
// the package-level macAddress.
func genIENode() *v1ien.IENode {
	networks := []v1ien.Network{
		{MacAddress: macAddress},
	}
	spec := v1ien.IENodeSpec{
		Role:    v1ien.ControlPlane,
		Network: networks,
	}
	return &v1ien.IENode{Spec: spec}
}
101
// createMemFSWithIENFWBinary returns an in-memory filesystem holding an empty
// file at /usr/local/bin/ien-fw. If the file cannot be created, the error is
// returned with a nil filesystem.
func createMemFSWithIENFWBinary() (afero.Fs, error) {
	memFS := afero.NewMemMapFs()

	binary, err := memFS.Create("/usr/local/bin/ien-fw")
	if err != nil {
		return nil, err
	}
	// Only the file's presence matters; the close error is deliberately
	// ignored, as it was with the deferred Close.
	_ = binary.Close()

	return memFS, nil
}
111
// createScheme returns a runtime scheme with the client-go built-in types and
// the v1ien types registered. utilruntime.Must panics if either registration
// returns an error.
func createScheme() *kruntime.Scheme {
	s := kruntime.NewScheme()

	// Built-in Kubernetes types first, then the IEN API types.
	builtinErr := clientgoscheme.AddToScheme(s)
	utilruntime.Must(builtinErr)

	ienErr := v1ien.AddToScheme(s)
	utilruntime.Must(ienErr)

	return s
}
118