[pve-devel] [PATCH proxmox-ve-rs v3 03/18] config: firewall: add tests for interface and directions
Stefan Hanreich
s.hanreich at proxmox.com
Tue Nov 12 13:26:00 CET 2024
Add tests for validating the directions in the guest firewall
configuration. While I'm at it, I also added tests for validating
interface names, since this functionality did not get tested before.
Signed-off-by: Stefan Hanreich <s.hanreich at proxmox.com>
---
proxmox-ve-config/src/firewall/guest.rs | 53 +++++++++++++++++++++++++
1 file changed, 53 insertions(+)
diff --git a/proxmox-ve-config/src/firewall/guest.rs b/proxmox-ve-config/src/firewall/guest.rs
index 1e70a67..23eaa4e 100644
--- a/proxmox-ve-config/src/firewall/guest.rs
+++ b/proxmox-ve-config/src/firewall/guest.rs
@@ -247,4 +247,57 @@ policy_forward: DROP
}
);
}
+
+ #[test]
+ fn test_parse_valid_interface_prefix() {
+ const CONFIG: &str = r#"
+[RULES]
+
+IN ACCEPT -p udp -dport 33 -sport 22 -log warning -i tapeth0
+"#;
+
+ let config = CONFIG.as_bytes();
+ let network_config: Vec<u8> = Vec::new();
+ Config::parse(&Vmid::new(100), "tap", config, network_config.as_slice()).unwrap_err();
+ }
+
+ #[test]
+ fn test_parse_invalid_interface_prefix() {
+ const CONFIG: &str = r#"
+[RULES]
+
+IN ACCEPT -p udp -dport 33 -sport 22 -log warning -i eth0
+"#;
+
+ let config = CONFIG.as_bytes();
+ let network_config: Vec<u8> = Vec::new();
+ Config::parse(&Vmid::new(100), "tap", config, network_config.as_slice()).unwrap_err();
+ }
+
+ #[test]
+ fn test_parse_valid_directions() {
+ const CONFIG: &str = r#"
+[RULES]
+
+IN ACCEPT -p udp -dport 33 -sport 22 -log warning
+OUT ACCEPT -p udp -dport 33 -sport 22 -log warning
+"#;
+
+ let config = CONFIG.as_bytes();
+ let network_config: Vec<u8> = Vec::new();
+ Config::parse(&Vmid::new(100), "tap", config, network_config.as_slice()).unwrap();
+ }
+
+ #[test]
+ fn test_parse_invalid_direction() {
+ const CONFIG: &str = r#"
+[RULES]
+
+FORWARD ACCEPT -p udp -dport 33 -sport 22 -log warning
+"#;
+
+ let config = CONFIG.as_bytes();
+ let network_config: Vec<u8> = Vec::new();
+ Config::parse(&Vmid::new(100), "tap", config, network_config.as_slice()).unwrap_err();
+ }
}
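Review bot: `test_parse_valid_interface_prefix` ends in `.unwrap_err()`, so the test named "valid" asserts that `-i tapeth0` is rejected, exactly as `test_parse_invalid_interface_prefix` does for `-i eth0`. If `tapeth0` is meant to be accepted with the prefix `"tap"`, the call should end in `.unwrap()`. If rejection is intended, the test needs a name that says so and an accepted `-i` case beside it; as written, a parser that refuses every `-i` rule passes both interface tests. The three `unwrap_err()` tests also never check why parsing failed, so an unrelated error on one of the other options would satisfy them; asserting on the error text, or at least a comment such as `// must fail on the direction, not on the options`, would pin the intended validation. The enclosing test module starts outside this hunk.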
--
2.39.5