libnetwork/iptables: Fix test panic when execute only one test

- use local variables for chains instead of sharing global variables - make createNewChain a t.Helper Signed-off-by: Chee Hau Lim <ch33hau@gmail.com>
2022-03-16 04:54:51 +08:00 · 2022-03-16 04:54:51 +08:00 · a2cea992c2
commit a2cea992c2
parent 5e330ad4da
1 changed files with 28 additions and 25 deletions
--- a/libnetwork/iptables/iptables_test.go
+++ b/libnetwork/iptables/iptables_test.go
@ -13,19 +13,16 @@ import (
 	"golang.org/x/sync/errgroup"
 )

-const chainName = "DOCKEREST"
-
-var natChain *ChainInfo
-var filterChain *ChainInfo
-var bridgeName string
-
-func TestNewChain(t *testing.T) {
-	var err error
-
+const (
+	chainName  = "DOCKEREST"
 	bridgeName = "lo"
+)
+
+func createNewChain(t *testing.T) (*IPTable, *ChainInfo, *ChainInfo) {
+	t.Helper()
 	iptable := GetIptable(IPv4)

-	natChain, err = iptable.NewChain(chainName, Nat, false)
+	natChain, err := iptable.NewChain(chainName, Nat, false)
 	if err != nil {
 		t.Fatal(err)
 	}
@ -34,7 +31,7 @@ func TestNewChain(t *testing.T) {
 		t.Fatal(err)
 	}

-	filterChain, err = iptable.NewChain(chainName, Filter, false)
+	filterChain, err := iptable.NewChain(chainName, Filter, false)
 	if err != nil {
 		t.Fatal(err)
 	}
@ -42,18 +39,23 @@ func TestNewChain(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
+
+	return iptable, natChain, filterChain
+}
+
+func TestNewChain(t *testing.T) {
+	createNewChain(t)
 }

 func TestForward(t *testing.T) {
+	iptable, natChain, filterChain := createNewChain(t)
+
 	ip := net.ParseIP("192.168.1.1")
 	port := 1234
 	dstAddr := "172.17.0.1"
 	dstPort := 4321
 	proto := "tcp"

-	bridgeName := "lo"
-	iptable := GetIptable(IPv4)
-
 	err := natChain.Forward(Insert, ip, port, proto, dstAddr, dstPort, bridgeName)
 	if err != nil {
 		t.Fatal(err)
@ -99,16 +101,13 @@ func TestForward(t *testing.T) {
 }

 func TestLink(t *testing.T) {
-	var err error
-
-	bridgeName := "lo"
-	iptable := GetIptable(IPv4)
+	iptable, _, filterChain := createNewChain(t)
 	ip1 := net.ParseIP("192.168.1.1")
 	ip2 := net.ParseIP("192.168.1.2")
 	port := 1234
 	proto := "tcp"

-	err = filterChain.Link(Append, ip1, ip2, port, proto, bridgeName)
+	err := filterChain.Link(Append, ip1, ip2, port, proto, bridgeName)
 	if err != nil {
 		t.Fatal(err)
 	}
@ -141,10 +140,11 @@ func TestLink(t *testing.T) {
 }

 func TestPrerouting(t *testing.T) {
+	iptable, natChain, _ := createNewChain(t)
+
 	args := []string{
 		"-i", "lo",
 		"-d", "192.168.1.1"}
-	iptable := GetIptable(IPv4)

 	err := natChain.Prerouting(Insert, args...)
 	if err != nil {
@ -162,10 +162,11 @@ func TestPrerouting(t *testing.T) {
 }

 func TestOutput(t *testing.T) {
+	iptable, natChain, _ := createNewChain(t)
+
 	args := []string{
 		"-o", "lo",
 		"-d", "192.168.1.1"}
-	iptable := GetIptable(IPv4)

 	err := natChain.Output(Insert, args...)
 	if err != nil {
@ -196,6 +197,8 @@ func TestConcurrencyNoWait(t *testing.T) {
 // Note that if iptables does not support the xtable lock on this
 // system, then allowXlock has no effect -- it will always be off.
 func RunConcurrencyTest(t *testing.T, allowXlock bool) {
+	_, natChain, _ := createNewChain(t)
+
 	if !allowXlock && supportsXlock {
 		supportsXlock = false
 		defer func() { supportsXlock = true }()
@ -219,7 +222,8 @@ func RunConcurrencyTest(t *testing.T, allowXlock bool) {
 }

 func TestCleanup(t *testing.T) {
-	var err error
+	iptable, _, filterChain := createNewChain(t)
+
 	var rules []byte

 	// Cleanup filter/FORWARD first otherwise output of iptables-save is dirty
@ -227,14 +231,13 @@ func TestCleanup(t *testing.T) {
 		string(Delete), "FORWARD",
 		"-o", bridgeName,
 		"-j", filterChain.Name}
-	iptable := GetIptable(IPv4)

-	if _, err = iptable.Raw(link...); err != nil {
+	if _, err := iptable.Raw(link...); err != nil {
 		t.Fatal(err)
 	}
 	filterChain.Remove()

-	err = iptable.RemoveExistingChain(chainName, Nat)
+	err := iptable.RemoveExistingChain(chainName, Nat)
 	if err != nil {
 		t.Fatal(err)
 	}