Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

improve parsing in iptables unit tests #109844

Merged
merged 5 commits into from
Jun 10, 2022
Merged

improve parsing in iptables unit tests #109844

merged 5 commits into from
Jun 10, 2022

Conversation

danwinship
Copy link
Contributor

What type of PR is this?

/kind cleanup

What this PR does / why we need it:

Generally improves the parsing of iptables rules in the kube-proxy unit tests, for three reasons:

  1. Tim thought the regex-based parsing used by iptablesTracer was kind of hacky and unclear
  2. This fixes the fact that iptablesTracer could only make use of the rules that syncProxyRules added with RestoreAll, and not the rules that it added with EnsureRule.
  3. A future PR I'm working on will change syncProxyRules to do partial restores rather than complete restores, and this can only be sanely unit-tested if FakeIPTables is fixed to implement partial restores correctly.

Which issue(s) this PR fixes:

none

Does this PR introduce a user-facing change?

NONE

(only modifies unit tests, and helper code that is only used by unit tests)

/sig network
/priority important-soon

@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. sig/network Categorizes an issue or PR as relevant to SIG Network. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels May 5, 2022
@k8s-ci-robot
Copy link
Contributor

@danwinship: This issue is currently awaiting triage.

If a SIG or subproject determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added the needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. label May 5, 2022
@danwinship
Copy link
Contributor Author

/assign @thockin

@k8s-ci-robot k8s-ci-robot requested review from khenidak and MrHohn May 5, 2022 21:42
@k8s-ci-robot k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. area/ipvs labels May 5, 2022
@danwinship danwinship force-pushed the iptables-tests-new branch from 70e7033 to 203337f Compare May 6, 2022 11:39
thockin
thockin reviewed May 6, 2022
View reviewed changes
Copy link
Member

@thockin thockin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dan, you are the consumer of my Firday afternoons!!

pkg/util/iptables/testing/parse.go Show resolved Hide resolved
pkg/util/iptables/testing/parse.go Show resolved Hide resolved
pkg/util/iptables/testing/parse_test.go Show resolved Hide resolved
pkg/util/iptables/testing/parse_test.go Outdated Show resolved Hide resolved
pkg/proxy/iptables/proxier_test.go Outdated Show resolved Hide resolved
pkg/proxy/iptables/proxier_test.go Show resolved Hide resolved
danwinship added 5 commits May 9, 2022 11:19
@danwinship
pkg/util/iptables/testing: Add better IPTables rule-parsing helpers
f2fa103 
There were previously some strange iptables-rule-parsing functions
that were only used by two unit tests in pkg/proxy/ipvs. Get rid of
them and replace them with some much better iptables-rule-parsing
functions.
@danwinship
proxy/iptables: tweak sortIPTablesRules some more
f0f47ae 
Sort the ":CHAINNAME" lines in the same order as the "-A CHAINNAME"
lines (meaning, KUBE-NODEPORTS and KUBE-SERVICES come first).

(This will simplify IPTablesDump because it won't need to keep track
of the declaration order and the rule order separately.)
@danwinship
pkg/util/iptables/testing: Add IPTables dump-parsing helpers
10a72a9
@danwinship
pkg/util/iptables/testing: Fix FakeIPTables
913f4bc 
FakeIPTables barely implemented any of the iptables interface, and the
main part that it did implement, it implemented incorrectly. Fix it:

- Implement EnsureChain, DeleteChain, EnsureRule, and DeleteRule, not
  just SaveInto/Restore/RestoreAll.

- Restore/RestoreAll now correctly merge the provided state with the
  existing state, rather than simply overwriting it.

- SaveInto now returns the table that was requested, rather than just
  echoing back the Restore/RestoreAll.
@danwinship
proxy/iptables: port packet-flow tests to use new parsing stuff
24e1e3d
@danwinship danwinship force-pushed the iptables-tests-new branch from 203337f to 24e1e3d Compare May 9, 2022 15:30
@danwinship danwinship mentioned this pull request May 28, 2022
Merged
@thockin
Copy link
Member

thockin commented Jun 10, 2022

Thanks!

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 10, 2022
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: danwinship, thockin

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot merged commit dc4e91a into kubernetes:master Jun 10, 2022
@k8s-ci-robot k8s-ci-robot added this to the v1.25 milestone Jun 10, 2022
@danwinship danwinship deleted the iptables-tests-new branch June 10, 2022 22:19
@MrHohn MrHohn mentioned this pull request May 15, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thockin thockin thockin left review comments

@khenidak khenidak Awaiting requested review from khenidak

@MrHohn MrHohn Awaiting requested review from MrHohn

Assignees

@thockin thockin

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/ipvs cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. lgtm "Looks good to me", indicates that a PR is ready to be merged. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. release-note-none Denotes a PR that doesn't merit a release note. sig/network Categorizes an issue or PR as relevant to SIG Network. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
v1.25
Development

Successfully merging this pull request may close these issues.
3 participants
@danwinship @k8s-ci-robot @thockin