mirror of
synced 2025-03-11 15:04:18 +00:00
We add a bunch of additional unit tests, and also a coverage report using istanbul. The tests are not meant to cover everything, but they're a first attempt at having *some* unit testing on the supervisor. There's much to improve but hopefully it helps catch obvious errors. Change-Type: patch Signed-off-by: Pablo Carranza Velez <pablo@resin.io>
43 lines
2.3 KiB
43 lines
2.3 KiB
Promise = require 'bluebird'
iptables = require '../src/lib/iptables'
childProcess = require('child_process')
m = require 'mochainon'
{ stub } = m.sinon
{ expect } = m.chai
describe 'iptables', ->
it 'calls iptables to delete and recreate rules to block a port', ->
stub(childProcess, 'execAsync').returns(Promise.resolve())
iptables.rejectOnAllInterfacesExcept(['foo', 'bar'], 42)
.then ->
expect(childProcess.execAsync).to.be.calledWith('iptables -D INPUT -p tcp --dport 42 -i foo -j ACCEPT')
expect(childProcess.execAsync).to.be.calledWith('iptables -I INPUT -p tcp --dport 42 -i foo -j ACCEPT')
expect(childProcess.execAsync).to.be.calledWith('iptables -D INPUT -p tcp --dport 42 -i bar -j ACCEPT')
expect(childProcess.execAsync).to.be.calledWith('iptables -I INPUT -p tcp --dport 42 -i bar -j ACCEPT')
expect(childProcess.execAsync).to.be.calledWith('iptables -D INPUT -p tcp --dport 42 -j REJECT')
expect(childProcess.execAsync).to.be.calledWith('iptables -A INPUT -p tcp --dport 42 -j REJECT')
.then ->
it "falls back to blocking the port with DROP if there's no REJECT support", ->
stub(childProcess, 'execAsync').callsFake (cmd) ->
if /REJECT$/.test(cmd)
iptables.rejectOnAllInterfacesExcept(['foo', 'bar'], 42)
.then ->
expect(childProcess.execAsync).to.be.calledWith('iptables -D INPUT -p tcp --dport 42 -i foo -j ACCEPT')
expect(childProcess.execAsync).to.be.calledWith('iptables -I INPUT -p tcp --dport 42 -i foo -j ACCEPT')
expect(childProcess.execAsync).to.be.calledWith('iptables -D INPUT -p tcp --dport 42 -i bar -j ACCEPT')
expect(childProcess.execAsync).to.be.calledWith('iptables -I INPUT -p tcp --dport 42 -i bar -j ACCEPT')
expect(childProcess.execAsync).to.be.calledWith('iptables -D INPUT -p tcp --dport 42 -j REJECT')
expect(childProcess.execAsync).to.be.calledWith('iptables -A INPUT -p tcp --dport 42 -j REJECT')
expect(childProcess.execAsync).to.be.calledWith('iptables -D INPUT -p tcp --dport 42 -j DROP')
expect(childProcess.execAsync).to.be.calledWith('iptables -A INPUT -p tcp --dport 42 -j DROP')
.then ->
childProcess.execAsync.restore() |