...

Source file src/github.com/chaos-mesh/chaos-mesh/pkg/chaosdaemon/iptables_server_test.go

Documentation: github.com/chaos-mesh/chaos-mesh/pkg/chaosdaemon 

     1  // Copyright 2021 Chaos Mesh Authors.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  // http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  //
    15  
    16  package chaosdaemon
    17  
    18  import (
    19  	"context"
    20  	"os"
    21  	"os/exec"
    22  
    23  	. "github.com/onsi/ginkgo/v2"
    24  	. "github.com/onsi/gomega"
    25  	"github.com/pkg/errors"
    26  
    27  	"github.com/chaos-mesh/chaos-mesh/pkg/chaosdaemon/crclients"
    28  	"github.com/chaos-mesh/chaos-mesh/pkg/chaosdaemon/crclients/test"
    29  	"github.com/chaos-mesh/chaos-mesh/pkg/chaosdaemon/pb"
    30  	"github.com/chaos-mesh/chaos-mesh/pkg/log"
    31  	"github.com/chaos-mesh/chaos-mesh/pkg/mock"
    32  )
    33  
    34  var _ = Describe("iptables server", func() {
    35  	defer mock.With("MockContainerdClient", &test.MockClient{})()
    36  	logger, err := log.NewDefaultZapLogger()
    37  	Expect(err).To(BeNil())
    38  	s, _ := newDaemonServer(&crclients.CrClientConfig{
    39  		Runtime: crclients.ContainerRuntimeContainerd}, nil, logger)
    40  
    41  	Context("FlushIptables", func() {
    42  		It("should work", func() {
    43  			defer mock.With("pid", 9527)()
    44  			defer mock.With("MockProcessBuild", func(ctx context.Context, cmd string, args ...string) *exec.Cmd {
    45  				Expect(cmd).To(Equal("/usr/local/bin/nsexec"))
    46  				Expect(args[0]).To(Equal("-n"))
    47  				Expect(args[1]).To(Equal("/proc/9527/ns/net"))
    48  				Expect(args[2]).To(Equal("--"))
    49  				Expect(args[3]).To(Equal(iptablesCmd))
    50  				return exec.Command("echo", "-n")
    51  			})()
    52  			_, err := s.SetIptablesChains(context.TODO(), &pb.IptablesChainsRequest{
    53  				Chains: []*pb.Chain{{
    54  					Name:      "TEST",
    55  					Direction: pb.Chain_INPUT,
    56  					Ipsets:    []string{},
    57  				}},
    58  				ContainerId: "containerd://container-id",
    59  				EnterNS:     true,
    60  			})
    61  			Expect(err).To(BeNil())
    62  		})
    63  
    64  		It("should fail on get pid", func() {
    65  			const errorStr = "mock error on Task()"
    66  			defer mock.With("TaskError", errors.New(errorStr))()
    67  			_, err := s.SetIptablesChains(context.TODO(), &pb.IptablesChainsRequest{
    68  				Chains: []*pb.Chain{{
    69  					Name:      "TEST",
    70  					Direction: pb.Chain_INPUT,
    71  					Ipsets:    []string{},
    72  				}},
    73  				ContainerId: "containerd://container-id",
    74  				EnterNS:     true,
    75  			})
    76  			Expect(err).ToNot(BeNil())
    77  			Expect(err.Error()).To(Equal(errorStr))
    78  		})
    79  
    80  		It("should fail on unknown chain direction", func() {
    81  			defer mock.With("pid", 9527)()
    82  			defer mock.With("MockProcessBuild", func(ctx context.Context, cmd string, args ...string) *exec.Cmd {
    83  				Expect(cmd).To(Equal("/usr/local/bin/nsexec"))
    84  				Expect(args[0]).To(Equal("-n"))
    85  				Expect(args[1]).To(Equal("/proc/9527/ns/net"))
    86  				Expect(args[2]).To(Equal("--"))
    87  				Expect(args[3]).To(Equal(iptablesCmd))
    88  				return exec.Command("echo", "-n")
    89  			})()
    90  
    91  			_, err := s.SetIptablesChains(context.TODO(), &pb.IptablesChainsRequest{
    92  				Chains: []*pb.Chain{{
    93  					Name:      "TEST",
    94  					Direction: pb.Chain_Direction(233),
    95  					Ipsets:    []string{},
    96  				}},
    97  				ContainerId: "containerd://container-id",
    98  				EnterNS:     true,
    99  			})
   100  			Expect(err).ToNot(BeNil())
   101  			Expect(err.Error()).To(Equal("unknown chain direction 233"))
   102  		})
   103  
   104  		It("should fail on command error", func() {
   105  			// The mockfail.sh will fail
   106  			err := os.WriteFile("/tmp/mockfail.sh", []byte(`#! /bin/sh
   107  exit 1
   108  			`), 0755)
   109  			Expect(err).To(BeNil())
   110  			defer os.Remove("/tmp/mockfail.sh")
   111  			defer mock.With("MockProcessBuild", func(ctx context.Context, cmd string, args ...string) *exec.Cmd {
   112  				return exec.Command("mockfail.sh")
   113  			})()
   114  			_, err = s.SetIptablesChains(context.TODO(), &pb.IptablesChainsRequest{
   115  				Chains: []*pb.Chain{{
   116  					Name:      "TEST",
   117  					Direction: pb.Chain_INPUT,
   118  					Ipsets:    []string{},
   119  				}},
   120  				ContainerId: "containerd://container-id",
   121  				EnterNS:     true,
   122  			})
   123  			Expect(err).ToNot(BeNil())
   124  		})
   125  	})
   126  })
   127