github.com/aporeto-inc/trireme-lib@v10.358.0+incompatible/controller/internal/supervisor/iptablesctrl/iptables_linux_test.go

github.com/aporeto-inc/trireme-lib@v10.358.0+incompatible/controller/internal/supervisor/iptablesctrl/iptables_linux_test.go (about)

     1  package iptablesctrl
     2  
     3  import (
     4  	"fmt"
     5  	"strings"
     6  
     7  	"github.com/aporeto-inc/go-ipset/ipset"
     8  	"go.aporeto.io/enforcerd/trireme-lib/controller/constants"
     9  	provider "go.aporeto.io/enforcerd/trireme-lib/controller/pkg/aclprovider"
    10  	"go.aporeto.io/enforcerd/trireme-lib/controller/pkg/fqconfig"
    11  	"go.aporeto.io/enforcerd/trireme-lib/controller/pkg/ipsetmanager"
    12  	"go.aporeto.io/enforcerd/trireme-lib/policy"
    13  )
    14  
    15  // This file contains shared implementation for Linux iptables tests
    16  
    17  func createTestInstance(ips ipsetmanager.IpsetProvider, iptv4 provider.IptablesProvider, iptv6 provider.IptablesProvider, mode constants.ModeType, ServiceMeshType policy.ServiceMesh) (*Instance, error) {
    18  
    19  	ipv4Impl := &ipv4{ipt: iptv4}
    20  	ipv6Impl := &ipv6{ipt: iptv6, ipv6Enabled: true}
    21  
    22  	fq := fqconfig.NewFilterQueue(4, []string{"0.0.0.0/0",
    23  		"::/0"})
    24  
    25  	ipsetmanager.SetIpsetTestInstance(ips)
    26  	ipsv4 := ipsetmanager.V4test()
    27  	ipsv6 := ipsetmanager.V6test()
    28  
    29  	iptInstanceV4 := createIPInstance(ipv4Impl, ipsv4, fq, mode, nil, ServiceMeshType)
    30  	iptInstanceV6 := createIPInstance(ipv6Impl, ipsv6, fq, mode, nil, ServiceMeshType)
    31  	icmpAllow = testICMPAllow
    32  
    33  	return newInstanceWithProviders(iptInstanceV4, iptInstanceV6)
    34  }
    35  
    36  // Fake iptables controller that always returns succes.
    37  type baseIpt struct{}
    38  
    39  // Append apends a rule to chain of table
    40  func (b *baseIpt) Append(table, chain string, rulespec ...string) error { return nil }
    41  
    42  // Insert inserts a rule to a chain of table at the required pos
    43  func (b *baseIpt) Insert(table, chain string, pos int, rulespec ...string) error { return nil }
    44  
    45  // Delete deletes a rule of a chain in the given table
    46  func (b *baseIpt) Delete(table, chain string, rulespec ...string) error { return nil }
    47  
    48  // ListChains lists all the chains associated with a table
    49  func (b *baseIpt) ListChains(table string) ([]string, error) { return nil, nil }
    50  
    51  // ClearChain clears a chain in a table
    52  func (b *baseIpt) ClearChain(table, chain string) error { return nil }
    53  
    54  // DeleteChain deletes a chain in the table. There should be no references to this chain
    55  func (b *baseIpt) DeleteChain(table, chain string) error { return nil }
    56  
    57  // NewChain creates a new chain
    58  func (b *baseIpt) NewChain(table, chain string) error { return nil }
    59  
    60  // ListRules lists the rules in a table/chain
    61  func (b *baseIpt) ListRules(table, chain string) ([]string, error) { return []string{}, nil }
    62  
    63  // Fake memory IPset that will tell us if we are deleting or installing
    64  // bad things.
    65  type memoryIPSet struct {
    66  	set map[string]bool
    67  }
    68  
    69  func (m *memoryIPSet) Add(entry string, timeout int) error {
    70  	m.set[entry] = false
    71  	return nil
    72  }
    73  
    74  func (m *memoryIPSet) AddOption(entry string, option string, timeout int) error {
    75  	if option == "nomatch" {
    76  		m.set[entry] = true
    77  		return nil
    78  	}
    79  	return m.Add(entry, timeout)
    80  }
    81  
    82  func (m *memoryIPSet) Del(entry string) error {
    83  	if _, ok := m.set[entry]; !ok {
    84  		return fmt.Errorf("not found")
    85  	}
    86  	delete(m.set, entry)
    87  	return nil
    88  }
    89  
    90  func (m *memoryIPSet) Destroy() error {
    91  	m.set = map[string]bool{}
    92  	return nil
    93  }
    94  
    95  func (m *memoryIPSet) Flush() error {
    96  	m.set = map[string]bool{}
    97  	return nil
    98  }
    99  
   100  func (m *memoryIPSet) Test(entry string) (bool, error) {
   101  	_, ok := m.set[entry]
   102  	// TODO nomatch
   103  	return ok, nil
   104  }
   105  
   106  // Fake IpSetProvider that will use memory and allow us to
   107  // to simulate the system.
   108  type memoryIPSetProvider struct {
   109  	sets map[string]*memoryIPSet
   110  }
   111  
   112  func (m *memoryIPSetProvider) NewIpset(name string, hasht string, p *ipset.Params) (ipsetmanager.Ipset, error) {
   113  
   114  	if m.sets == nil {
   115  		return nil, fmt.Errorf("error")
   116  	}
   117  
   118  	_, ok := m.sets[name]
   119  	if ok {
   120  		return nil, fmt.Errorf("set exists")
   121  	}
   122  
   123  	newSet := &memoryIPSet{set: map[string]bool{}}
   124  	m.sets[name] = newSet
   125  	return newSet, nil
   126  }
   127  
   128  func (m *memoryIPSetProvider) GetIpset(name string) ipsetmanager.Ipset {
   129  	return m.sets[name]
   130  }
   131  
   132  func (m *memoryIPSetProvider) DestroyAll(prefix string) error {
   133  
   134  	for set := range m.sets {
   135  		if strings.HasPrefix(set, prefix) {
   136  			delete(m.sets, set)
   137  		}
   138  	}
   139  	return nil
   140  }
   141  
   142  func (m *memoryIPSetProvider) ListIPSets() ([]string, error) {
   143  	allSets := []string{}
   144  	for set := range m.sets {
   145  		allSets = append(allSets, set)
   146  	}
   147  	return allSets, nil
   148  }