Skip to content

Commit 906536a

Browse files
ncodencode
committed
update README
1 parent 58512c6 commit 906536a

File tree

2 files changed

+88
-1
lines changed

2 files changed

+88
-1
lines changed

README.md

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -145,6 +145,9 @@ Plugin-Specific Configuration Parameters:
145145
- `chainName`: Defines the name of the primary iptables chain. If not specified, it defaults to `"CNI-OUTBOUND"`.
146146
- `defaultAction`: Determines the default action (e.g., `"DROP"`, `"ACCEPT"`) for the container-specific chains. The default value is `"DROP"`.
147147
- `outboundRules`: An array of outbound rules that will be applied to each container.
148+
- `dryRun`: When set to `true`, all traffic will be logged but not blocked.
149+
- `logDrops`: When set to `true`, any dropped traffic will be logged via iptables.
150+
- `metadata`: A map of key-value pairs that will be included in log messages.
148151
- `logging`:
149152
- `enable`: A boolean value to enable (`true`) or disable (`false`) logging.
150153
- `directory`: Specifies the directory where log files will be stored.
@@ -254,4 +257,4 @@ This project is licensed under Apache-2.0
254257
- [go-iptables](https://github.com/coreos/go-iptables)
255258
- [Nomad by HashiCorp](https://www.nomadproject.io/)
256259

257-
For more information on CNI plugins and their use with Nomad, refer to the [Nomad CNI documentation](https://www.nomadproject.io/docs/networking/cni).
260+
For more information on CNI plugins and their use with Nomad, refer to the [Nomad CNI documentation](https://www.nomadproject.io/docs/networking/cni).

outbound_test.go

Lines changed: 84 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1847,3 +1847,87 @@ func TestParseConfigComplete(t *testing.T) {
18471847
})
18481848
}
18491849
}
1850+
1851+
func TestParseConfig_LogDrops(t *testing.T) {
1852+
testCases := []struct {
1853+
name string
1854+
stdin []byte
1855+
args string
1856+
expectError bool
1857+
expectDryRun bool
1858+
expectLogDrops bool
1859+
}{
1860+
{
1861+
name: "Config with dryRun and logDrops enabled",
1862+
stdin: []byte(`{
1863+
"cniVersion": "1.0.0",
1864+
"name": "test-net",
1865+
"type": "outbound",
1866+
"dryRun": true,
1867+
"logDrops": true,
1868+
"mainChainName": "TEST-OUTBOUND",
1869+
"defaultAction": "DROP"
1870+
}`),
1871+
args: "",
1872+
expectDryRun: true,
1873+
expectLogDrops: true,
1874+
},
1875+
{
1876+
name: "Config with only logDrops enabled",
1877+
stdin: []byte(`{
1878+
"cniVersion": "1.0.0",
1879+
"name": "test-net",
1880+
"type": "outbound",
1881+
"logDrops": true,
1882+
"mainChainName": "TEST-OUTBOUND",
1883+
"defaultAction": "DROP"
1884+
}`),
1885+
args: "",
1886+
expectDryRun: false,
1887+
expectLogDrops: true,
1888+
},
1889+
{
1890+
name: "Config with only dryRun enabled",
1891+
stdin: []byte(`{
1892+
"cniVersion": "1.0.0",
1893+
"name": "test-net",
1894+
"type": "outbound",
1895+
"dryRun": true,
1896+
"mainChainName": "TEST-OUTBOUND",
1897+
"defaultAction": "DROP"
1898+
}`),
1899+
args: "",
1900+
expectDryRun: true,
1901+
expectLogDrops: false,
1902+
},
1903+
{
1904+
name: "Config with both disabled",
1905+
stdin: []byte(`{
1906+
"cniVersion": "1.0.0",
1907+
"name": "test-net",
1908+
"type": "outbound",
1909+
"mainChainName": "TEST-OUTBOUND",
1910+
"defaultAction": "DROP"
1911+
}`),
1912+
args: "",
1913+
expectDryRun: false,
1914+
expectLogDrops: false,
1915+
},
1916+
}
1917+
1918+
for _, tc := range testCases {
1919+
t.Run(tc.name, func(t *testing.T) {
1920+
conf, err := parseConfig(tc.stdin, tc.args, "test-container")
1921+
1922+
if tc.expectError {
1923+
assert.Error(t, err)
1924+
return
1925+
}
1926+
1927+
assert.NoError(t, err)
1928+
assert.NotNil(t, conf)
1929+
assert.Equal(t, tc.expectDryRun, conf.DryRun)
1930+
assert.Equal(t, tc.expectLogDrops, conf.LogDrops)
1931+
})
1932+
}
1933+
}

0 commit comments

Comments
 (0)