
Commit fc34245

jail tests, temporary commit
1 parent 459dbda commit fc34245


1 file changed

+118
-0
lines changed


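--- a/e2e_tests/boundary_integration_test.go
+++ b/e2e_tests/boundary_integration_test.go
@@ -174,3 +174,121 @@ func TestBoundaryIntegration(t *testing.T) {
 err = os.Remove("/tmp/boundary-test")
 require.NoError(t, err, "Failed to remove /tmp/boundary-test")
 }
+
+func TestIptablesCleanup(t *testing.T) {
+// Step 1: Capture initial iptables rules
+t.Log("Step 1: Capturing initial iptables rules...")
+initialCmd := exec.Command("sudo", "iptables", "-L", "-n", "-v")
+initialOutput, err := initialCmd.Output()
+require.NoError(t, err, "Failed to get initial iptables rules")
+initialRules := string(initialOutput)
+t.Logf("Initial iptables rules:\n%s", initialRules)
+
+// Step 2: Create and start LinuxJail
+t.Log("Step 2: Creating and starting LinuxJail...")
+
+// Import the jail package to create LinuxJail directly
+// We'll need to create a minimal config
+config := struct {
+Logger interface{}
+HttpProxyPort int
+ConfigDir string
+CACertPath string
+HomeDir string
+Username string
+Uid int
+Gid int
+}{
+HttpProxyPort: 8080,
+ConfigDir: "/tmp/test-config",
+CACertPath: "/tmp/test-ca.pem",
+HomeDir: "/tmp/test-home",
+Username: "testuser",
+Uid: 1000,
+Gid: 1000,
+}
+
+// Create a temporary CA cert file for the test
+err = os.MkdirAll(config.ConfigDir, 0755)
+require.NoError(t, err, "Failed to create config directory")
+
+// Create a dummy CA cert file
+err = os.WriteFile(config.CACertPath, []byte("dummy cert"), 0644)
+require.NoError(t, err, "Failed to create dummy CA cert")
+
+// We'll use the boundary binary approach since we can't easily import jail package
+// Build the boundary binary
+projectRoot := findProjectRoot(t)
+buildCmd := exec.Command("go", "build", "-o", "/tmp/boundary-iptables-test", "./cmd/...")
+buildCmd.Dir = projectRoot
+err = buildCmd.Run()
+require.NoError(t, err, "Failed to build boundary binary for iptables test")
+
+// Create context for boundary process
+ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+defer cancel()
+
+// Start boundary process (this will create LinuxJail and setup iptables)
+boundaryCmd := exec.CommandContext(ctx, "/tmp/boundary-iptables-test",
+"--allow", "example.com",
+"--log-level", "debug",
+"--", "bash", "-c", "sleep 5 && echo 'Test completed'")
+
+boundaryCmd.Stdout = os.Stdout
+boundaryCmd.Stderr = os.Stderr
+
+// Start the process
+err = boundaryCmd.Start()
+require.NoError(t, err, "Failed to start boundary process for iptables test")
+
+// Give boundary time to start and setup iptables
+time.Sleep(2 * time.Second)
+
+// Step 3: Capture iptables rules after LinuxJail setup
+t.Log("Step 3: Capturing iptables rules after LinuxJail setup...")
+afterSetupCmd := exec.Command("sudo", "iptables", "-L", "-n", "-v")
+afterSetupOutput, err := afterSetupCmd.Output()
+require.NoError(t, err, "Failed to get iptables rules after setup")
+afterSetupRules := string(afterSetupOutput)
+t.Logf("Iptables rules after setup:\n%s", afterSetupRules)
+
+// Verify that new rules were added
+require.NotEqual(t, initialRules, afterSetupRules, "Iptables rules should have changed after LinuxJail setup")
+
+// Step 4: Stop boundary process (this should trigger cleanup)
+t.Log("Step 4: Stopping boundary process to trigger cleanup...")
+cancel() // This will terminate the boundary process
+err = boundaryCmd.Wait()
+if err != nil {
+t.Logf("Boundary process finished with error (expected): %v", err)
+}
+
+// Give cleanup time to complete
+time.Sleep(2 * time.Second)
+
+// Step 5: Capture iptables rules after cleanup
+t.Log("Step 5: Capturing iptables rules after cleanup...")
+afterCleanupCmd := exec.Command("sudo", "iptables", "-L", "-n", "-v")
+afterCleanupOutput, err := afterCleanupCmd.Output()
+require.NoError(t, err, "Failed to get iptables rules after cleanup")
+afterCleanupRules := string(afterCleanupOutput)
+t.Logf("Iptables rules after cleanup:\n%s", afterCleanupRules)
+
+// Step 6: Verify rules are identical to initial state
+t.Log("Step 6: Verifying iptables rules are cleaned up...")
+require.Equal(t, initialRules, afterCleanupRules,
+"Iptables rules should be identical to initial state after cleanup.\n"+
+"Initial rules:\n%s\n\nAfter cleanup:\n%s", initialRules, afterCleanupRules)
+
+// Clean up
+err = os.Remove("/tmp/boundary-iptables-test")
+require.NoError(t, err, "Failed to remove test binary")
+
+err = os.RemoveAll(config.ConfigDir)
+require.NoError(t, err, "Failed to remove config directory")
+
+err = os.Remove(config.CACertPath)
+require.NoError(t, err, "Failed to remove dummy CA cert")
+
+t.Log("✓ Iptables cleanup test completed successfully")
+}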
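Review bot: The before/after comparison in TestIptablesCleanup is not a reliable cleanup check, because all three snapshots use `iptables -L -n -v`, which prints packet and byte counters and lists only the filter table; the equality in Step 6 can fail on unrelated traffic and would miss leftover rules in another table such as nat (the hunk does not show which tables the jail touches). A counter-free listing such as `exec.Command("sudo", "iptables", "-S")`, repeated with `-t nat` if the jail uses it, makes the snapshots comparable. Step 4 stops the process with `cancel()`, and `exec.CommandContext` kills with SIGKILL by default, so an in-process cleanup handler never gets to run; setting `boundaryCmd.Cancel = func() error { return boundaryCmd.Process.Signal(syscall.SIGTERM) }` before `Start` would exercise the graceful path, assuming boundary handles that signal. The binary is also built to and run from the fixed name `/tmp/boundary-iptables-test`, which another local user on a shared runner can pre-create; `filepath.Join(t.TempDir(), "boundary")` avoids that, and registering the removals with `t.Cleanup` keeps a failed `require` from leaving files behind.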
