221002-nf_tables

221002-legacy
Add integration tests related to PR #71
2022-10-02 17:03:51 +08:00 · 2022-10-02 17:01:24 +08:00 · 2022-09-26 22:00:05 +08:00 · 2022-09-26 21:43:22 +08:00 · 2022-09-26 21:43:22 +08:00 · 2022-09-26 21:43:22 +08:00
4 changed files with 65 additions and 14 deletions
@@ -1,4 +1,4 @@
-FROM ubuntu:20.04
+FROM ubuntu:22.04
 ARG docker_version="20.10.17"
@@ -7,8 +7,15 @@ ENV['VAGRANT_NO_PARALLEL']="true"
 Vagrant.configure('2') do |config|
-  #config.vm.box = "chaifeng/ubuntu-22.04-docker-#{(`uname -m`.strip == "arm64")?"20.10.17-arm64":"19.03.13"}"
+  docker_version = "20.10.17"
-  config.vm.box = "chaifeng/ubuntu-20.04-docker-#{(`uname -m`.strip == "arm64")?"19.03.13-arm64":"19.03.13"}"
+
  ubuntu_version = File.readlines("Dockerfile").filter { |line|
    line.start_with?("FROM ")
  }.first.match(/\d\d\.\d\d/)[0]
  config.vm.box = "chaifeng/ubuntu-#{ubuntu_version}-docker-#{docker_version}#{(`uname -m`.strip == "arm64")?"-arm64":""}"
  #config.vm.box = "chaifeng/ubuntu-20.04-docker-20.10.17#{(`uname -m`.strip == "arm64")?"-arm64":""}"
  config.vm.provider 'virtualbox' do |vb|
    vb.memory = '1024'
@@ -81,14 +88,15 @@ Vagrant.configure('2') do |config|
            daemonize: true
    end
-    ufw_docker_agent_image = "#{private_registry}/chaifeng/ufw-docker-agent:test"
+    ufw_docker_agent_image = "#{private_registry}/chaifeng/ufw-docker-agent:test-legacy"
    master.vm.provision "docker-build-ufw-docker-agent", preserve_order: true, type: 'shell', inline: <<-SHELL
      set -euo pipefail
-      docker build -t #{ufw_docker_agent_image}-legacy /vagrant
+      suffix="$(iptables --version | grep -o '\\(nf_tables\\|legacy\\)')"
-      docker push #{ufw_docker_agent_image}-legacy
+      docker build -t "#{ufw_docker_agent_image}-${suffix}" /vagrant
      docker push "#{ufw_docker_agent_image}-${suffix}"
-      echo "export UFW_DOCKER_AGENT_IMAGE=#{ufw_docker_agent_image}-nf_tables" > /etc/profile.d/ufw-docker.sh
+      echo "export UFW_DOCKER_AGENT_IMAGE=#{ufw_docker_agent_image}-${suffix}" > /etc/profile.d/ufw-docker.sh
      echo "export DEBUG=true" >> /etc/profile.d/ufw-docker.sh
      echo "Defaults env_keep += UFW_DOCKER_AGENT_IMAGE" > /etc/sudoers.d/98_ufw-docker
@@ -110,6 +118,8 @@ FROM httpd:alpine
 RUN { echo '#!/bin/sh'; \\
    echo 'set -e; (echo -n "${name:-Hi} "; hostname;) > /usr/local/apache2/htdocs/index.html'; \\
    echo 'grep "^Listen 7000" || echo Listen 7000 >> /usr/local/apache2/conf/httpd.conf'; \\
    echo 'grep "^Listen 8080" || echo Listen 8080 >> /usr/local/apache2/conf/httpd.conf'; \\
    echo 'exec "$@"'; \\
    } > /entrypoint.sh; chmod +x /entrypoint.sh
@@ -167,6 +177,13 @@ DOCKERFILE
        done
        ufw-docker service allow public_service 80/tcp
        docker service create --name "public_multiport" \
            --publish "40080:80" --publish "47000:7000" --publish "48080:8080" \
            --env name="public_multiport" --replicas 3 #{private_registry}/chaifeng/hostname-webapp
        ufw-docker service allow public_multiport 80/tcp
        ufw-docker service allow public_multiport 8080/tcp
    SHELL
  end
@@ -193,7 +210,12 @@ DOCKERFILE
        set -euo pipefail
        set -x
        server="http://#{ip_prefix}.130"
-        function test-webapp() { timeout 3 curl --silent "$@"; }
+        function test-webapp() {
          if timeout 3 curl --silent "$@"
          then echo "Success: $*"
          else echo "Cannot visit: $*"; return 1
          fi
        }
        test-webapp "$server:18080"
        ! test-webapp "$server:8000"
@@ -203,6 +225,10 @@ DOCKERFILE
        test-webapp "$server:29090"
        ! test-webapp "$server:9000"
        test-webapp "$server:40080"
        test-webapp "$server:48080"
        ! test-webapp "$server:47000"
        echo "====================="
        echo "      TEST DONE      "
        echo "====================="
@@ -474,7 +474,7 @@ test-ufw-docker--list-name() {
    ufw-docker--list foo
 }
 test-ufw-docker--list-name-assert() {
-    grep "# allow foo\\( [[:digit:]]\\+\\/\\(tcp\\|udp\\)\\)\\?\\( [[:graph:]]*\\)\\?\$"
+    grep "# allow foo\\( [[:digit:]]\\+\\/\\(tcp\\|udp\\)\\)\\( [[:graph:]]*\\)\$"
 }
 test-ufw-docker--list-name-udp() {
@@ -483,7 +483,7 @@ test-ufw-docker--list-name-udp() {
    ufw-docker--list foo "" udp
 }
 test-ufw-docker--list-name-udp-assert() {
-    grep "# allow foo\\( [[:digit:]]\\+\\/\\(tcp\\|udp\\)\\)\\?\\( [[:graph:]]*\\)\\?\$"
+    grep "# allow foo\\( [[:digit:]]\\+\\/\\(tcp\\|udp\\)\\)\\( [[:graph:]]*\\)\$"
 }
@@ -493,7 +493,7 @@ test-ufw-docker--list-name-80() {
    ufw-docker--list foo 80
 }
 test-ufw-docker--list-name-80-assert() {
-    grep "# allow foo\\( 80\\/tcp\\)\\?\\( [[:graph:]]*\\)\\?\$"
+    grep "# allow foo\\( 80\\/tcp\\)\\( [[:graph:]]*\\)\$"
 }
@@ -503,7 +503,30 @@ test-ufw-docker--list-name-80-udp() {
    ufw-docker--list foo 80 udp
 }
 test-ufw-docker--list-name-80-udp-assert() {
-    grep "# allow foo\\( 80\\/udp\\)\\?\\( [[:graph:]]*\\)\\?\$"
+    grep "# allow foo\\( 80\\/udp\\)\\( [[:graph:]]*\\)\$"
 }
 test-ufw-docker--list-grep-without-network() {
    @mocktrue ufw status numbered
    @mockfalse grep "# allow foo\\( 80\\/udp\\)\\( [[:graph:]]*\\)\$"
    load-ufw-docker-function ufw-docker--list
    ufw-docker--list foo 80 udp
 }
 test-ufw-docker--list-grep-without-network-assert() {
    grep "# allow foo\\( 80\\/udp\\)\$"
 }
 test-ufw-docker--list-grep-without-network-and-port() {
    @mocktrue ufw status numbered
    @mockfalse grep "# allow foo\\( 80\\/udp\\)\\( [[:graph:]]*\\)\$"
    @mockfalse grep "# allow foo\\( 80\\/udp\\)\$"
    load-ufw-docker-function ufw-docker--list
    ufw-docker--list foo 80 udp
 }
 test-ufw-docker--list-grep-without-network-and-port-assert() {
    grep "# allow foo\$"
 }
@@ -11,7 +11,7 @@ GREP_REGEXP_INSTANCE_NAME="[-_.[:alnum:]]\\+"
 DEFAULT_PROTO=tcp
 ufw_docker_agent=ufw-docker-agent
-ufw_docker_agent_image="${UFW_DOCKER_AGENT_IMAGE:-chaifeng/${ufw_docker_agent}:220920-legacy}"
+ufw_docker_agent_image="${UFW_DOCKER_AGENT_IMAGE:-chaifeng/${ufw_docker_agent}:221002-nf_tables}"
 if [[ "${ufw_docker_agent_image}" = *-@(legacy|nf_tables) ]]; then
    if iptables --version | grep -F '(legacy)' &>/dev/null; then
@@ -42,7 +42,9 @@ function ufw-docker--list() {
       NETWORK="[[:graph:]]*"
    fi
-    ufw status numbered | grep "# allow ${INSTANCE_NAME}\\( ${INSTANCE_PORT}\\/${PROTO}\\)\\?\\( ${NETWORK}\\)\\?\$"
+    ufw status numbered | grep "# allow ${INSTANCE_NAME}\\( ${INSTANCE_PORT}\\/${PROTO}\\)\\( ${NETWORK}\\)\$" ||  \
    ufw status numbered | grep "# allow ${INSTANCE_NAME}\\( ${INSTANCE_PORT}\\/${PROTO}\\)\$" || \
    ufw status numbered | grep "# allow ${INSTANCE_NAME}\$"
 }
 function ufw-docker--list-number() {
Author	SHA1	Message	Date
Chai Feng	a273ac9d51	221002-nf_tables	2022-10-02 17:03:51 +08:00
Chai Feng	cdad5e2a02	221002-legacy	2022-10-02 17:01:24 +08:00
Chai Feng	9d890ee3ee	Add integration tests related to PR #71	2022-09-26 22:00:05 +08:00
Radosław Kłos	a1d3517aeb	Add integration tests for multiport app	2022-09-26 21:43:22 +08:00
Radosław Kłos	d1e6c13156	Add unit tests for alternative greps in ufw-docker--list	2022-09-26 21:43:22 +08:00
Radosław Kłos	682d8b363f	Fix existing unit tests	2022-09-26 21:43:22 +08:00
Radosław Kłos	a689c4eb6e	Fix (almost) always truthy regexp in ufw-docker--list	2022-09-26 21:43:22 +08:00
Chai Feng	e99858510d	Update Bach Testing Framework	2022-09-21 08:43:58 +08:00
Chai Feng	712b0e8075	Change to iptables (nf_tables), using Ubuntu 22.04	2022-09-20 21:51:39 +08:00
`@@ -1,4 +1,4 @@`
	`FROM ubuntu:20.04`	`FROM ubuntu:22.04`

	`ARG docker_version="20.10.17"`	`ARG docker_version="20.10.17"`