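// Copyright Istio Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package cmd

import (
	"path/filepath"
	"strings"
	"testing"

	"github.com/google/go-cmp/cmp"

	testutil "istio.io/istio/pilot/test/util"
	"istio.io/istio/tools/istio-clean-iptables/pkg/config"
	"istio.io/istio/tools/istio-iptables/pkg/constants"
	dep "istio.io/istio/tools/istio-iptables/pkg/dependencies"
)

// constructTestConfig returns the baseline cleaner configuration that every
// test case starts from before applying its own overrides.
func constructTestConfig() *config.Config {
	return &config.Config{
		ProxyUID: constants.DefaultProxyUID,
		// NOTE(review): the GID is seeded from the UID default; presumably the
		// two defaults share one value. Confirm against the constants package.
		ProxyGID:           constants.DefaultProxyUID,
		OwnerGroupsInclude: constants.OwnerGroupsInclude.DefaultValue,
	}
}

// TestIptables runs the iptables cleaner against a stubbed dependency layer
// for several configurations and checks the recorded commands three ways:
// the full command list must match the per-case golden file, the commands
// recorded in ExecutedNormally must be exactly the two save commands, and the
// commands recorded in ExecutedQuietly must be everything that precedes them.
func TestIptables(t *testing.T) {
	cases := []struct {
		name   string
		config func(cfg *config.Config)
	}{
		{
			name:   "empty",
			config: func(*config.Config) {},
		},
		{
			name: "dns",
			config: func(cfg *config.Config) {
				cfg.RedirectDNS = true
			},
		},
		{
			name: "dns-uid-gid",
			config: func(cfg *config.Config) {
				cfg.RedirectDNS = true
				cfg.DNSServersV4 = []string{"127.0.0.53"}
				cfg.DNSServersV6 = []string{"::127.0.0.53"}
				cfg.ProxyGID = "1,2"
				cfg.ProxyUID = "3,4"
			},
		},
		{
			name: "outbound-owner-groups",
			config: func(cfg *config.Config) {
				cfg.RedirectDNS = true
				cfg.OwnerGroupsInclude = "java,202"
			},
		},
		{
			name: "outbound-owner-groups-exclude",
			config: func(cfg *config.Config) {
				cfg.RedirectDNS = true
				cfg.OwnerGroupsExclude = "888,ftp"
			},
		},
		{
			name: "inbound-interception-mode",
			config: func(cfg *config.Config) {
				cfg.InboundInterceptionMode = "TPROXY"
				cfg.InboundTProxyMark = "1337"
			},
		},
	}
	for _, tt := range cases {
		t.Run(tt.name, func(t *testing.T) {
			cfg := constructTestConfig()
			tt.config(cfg)

			ext := &dep.DependenciesStub{}
			// Fail loudly if the stub cannot report a version; otherwise the
			// cleaner would run against a zero-value version and the golden
			// comparison would validate the wrong command set.
			iptStub, err := ext.DetectIptablesVersion(false)
			if err != nil {
				t.Fatalf("detecting iptables version from stub: %v", err)
			}
			ip6tStub, err := ext.DetectIptablesVersion(true)
			if err != nil {
				t.Fatalf("detecting ip6tables version from stub: %v", err)
			}
			cleaner := NewIptablesCleaner(cfg, &iptStub, &ip6tStub, ext)

			cleaner.Run()

			// The golden file pins the exact rule-removal commands issued, so
			// any change to what the cleaner deletes shows up as a diff.
			compareToGolden(t, tt.name, ext.ExecutedAll)

			expectedExecutedNormally := []string{"iptables-save", "ip6tables-save"}
			if diff := cmp.Diff(ext.ExecutedNormally, expectedExecutedNormally); diff != "" {
				t.Fatalf("Executed normally commands: got\n%v\nwant\n%v\ndiff %v",
					ext.ExecutedNormally, expectedExecutedNormally, diff)
			}

			// The slice expression below assumes the save commands are the
			// last entries of ExecutedAll; guard the bound so a short command
			// list fails the test with a message instead of panicking.
			if len(ext.ExecutedAll) < len(expectedExecutedNormally) {
				t.Fatalf("Executed %d commands in total, want at least %d: %v",
					len(ext.ExecutedAll), len(expectedExecutedNormally), ext.ExecutedAll)
			}
			expectedExecutedQuietly := ext.ExecutedAll[:len(ext.ExecutedAll)-len(expectedExecutedNormally)]
			if diff := cmp.Diff(ext.ExecutedQuietly, expectedExecutedQuietly); diff != "" {
				t.Fatalf("Executed quietly commands: got\n%v\nwant\n%v\ndiff %v",
					ext.ExecutedQuietly, expectedExecutedQuietly, diff)
			}
		})
	}
}

// compareToGolden joins the recorded commands with newlines and compares the
// result with testdata/<name>.golden using testutil.CompareContent.
func compareToGolden(t *testing.T, name string, actual []string) {
	t.Helper()
	gotBytes := []byte(strings.Join(actual, "\n"))
	goldenFile := filepath.Join("testdata", name+".golden")
	testutil.CompareContent(t, gotBytes, goldenFile)
}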