authorPrabhu Kaliamoorthi <kaliamoorthi@chromium.org>2015-03-05 17:27:26 +0100
committerGilad Arnold <garnold@google.com>2015-08-10 23:11:52 -0700
commitd66fae25e69366d77c7b1db7e27aa23b6b393f55 (patch)
tree86c341f5c06735b654ed665ee634d4ea27243717
parent1bddb2cfdda68f99d27495a9f6b9f720db2a7144 (diff)
downloadfirewalld-d66fae25e69366d77c7b1db7e27aa23b6b393f55.tar.gz
firewalld: Add unit test for ApplyVpnSetup in IpTables
This CL adds a unit test for the ApplyVpnSetup routine added to firewalld to support third-party VPN in Chrome OS. BUG=chromium:460418 TEST=Ran the unit test Change-Id: Ice71477f6c3ab9ee76de48ced94d535e015e00fb Reviewed-on: https://chromium-review.googlesource.com/256302 Tested-by: Prabhu Kaliamoorthi <kaliamoorthi@chromium.org> Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org> Reviewed-by: Prabhu Kaliamoorthi <kaliamoorthi@chromium.org> Commit-Queue: Prabhu Kaliamoorthi <kaliamoorthi@chromium.org>
-rw-r--r--firewalld.gyp1
-rw-r--r--iptables.h16
-rw-r--r--iptables_unittest.cc155
-rw-r--r--mock_iptables.cc13
-rw-r--r--mock_iptables.h36
5 files changed, 216 insertions, 5 deletions
diff --git a/firewalld.gyp b/firewalld.gyp
index 692112a..e243411 100644
--- a/firewalld.gyp
+++ b/firewalld.gyp
@@ -63,6 +63,7 @@
'dependencies': ['libfirewalld'],
'sources': [
'iptables_unittest.cc',
+ 'mock_iptables.cc',
'run_all_tests.cc',
],
},
diff --git a/iptables.h b/iptables.h
index f1d0624..02edce5 100644
--- a/iptables.h
+++ b/iptables.h
@@ -48,6 +48,12 @@ class IpTables : public org::chromium::FirewalldInterface {
private:
friend class IpTablesTest;
+ FRIEND_TEST(IpTablesTest, ApplyVpnSetupAddSuccess);
+ FRIEND_TEST(IpTablesTest, ApplyVpnSetupAddFailureInUsername);
+ FRIEND_TEST(IpTablesTest, ApplyVpnSetupAddFailureInMasquerade);
+ FRIEND_TEST(IpTablesTest, ApplyVpnSetupAddFailureInRuleForUserTraffic);
+ FRIEND_TEST(IpTablesTest, ApplyVpnSetupRemoveSuccess);
+ FRIEND_TEST(IpTablesTest, ApplyVpnSetupRemoveFailure);
bool PunchHole(uint16_t port,
const std::string& interface,
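Review bot: The six `FRIEND_TEST` lines tie this production header to individual test names, so every further ApplyVpnSetup test needs another edit here. `IpTablesTest` is already declared a friend, so a small fixture helper that forwards to `ApplyVpnSetup` would give the `TEST_F` bodies access without listing each one. No include is added for `FRIEND_TEST` in the visible hunks; if `<gtest/gtest_prod.h>` is not already included further up, it should be. The class body starts and continues outside this hunk.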
@@ -77,13 +83,13 @@ class IpTables : public org::chromium::FirewalldInterface {
const std::string& interface,
bool add);
- bool ApplyMasquerade(const std::string& interface,
- bool add);
-
- bool ApplyMarkForUserTraffic(const std::string& user_name,
+ virtual bool ApplyMasquerade(const std::string& interface,
bool add);
- bool ApplyRuleForUserTraffic(bool add);
+ virtual bool ApplyMarkForUserTraffic(const std::string& user_name,
+ bool add);
+
+ virtual bool ApplyRuleForUserTraffic(bool add);
std::string ip4_exec_path_;
std::string ip6_exec_path_;
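Review bot: The three `virtual` specifiers added in the private section carry no comment saying why these helpers are now overridable; judging by the rest of the commit it is only so that MockIpTables can replace them. A comment above `ApplyMasquerade` such as `// Virtual so that tests can mock the calls that would run iptables.` would record that. By their names these helpers install the masquerade and traffic-mark rules, so it is worth stating that no production subclass is expected to override them. The class continues outside the hunk.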
diff --git a/iptables_unittest.cc b/iptables_unittest.cc
index 65503a1..5b8c02d 100644
--- a/iptables_unittest.cc
+++ b/iptables_unittest.cc
@@ -6,8 +6,13 @@
#include <gtest/gtest.h>
+#include "firewalld/mock_iptables.h"
+
namespace firewalld {
+using testing::_;
+using testing::Return;
+
class IpTablesTest : public testing::Test {
public:
IpTablesTest()
@@ -104,4 +109,154 @@ TEST_F(IpTablesTest, PunchUdpHoleIpv6Fails) {
ASSERT_FALSE(ip4succeeds_ip6fails.PunchUdpHole(53, "iface"));
}
+TEST_F(IpTablesTest, ApplyVpnSetupAddSuccess) {
+ const std::vector<std::string> usernames = {"testuser0", "testuser1"};
+ const std::string interface = "ifc0";
+ const bool add = true;
+ const bool success = true;
+
+ MockIpTables mock_iptables;
+ EXPECT_CALL(mock_iptables, ApplyMasquerade(interface, add))
+ .WillOnce(Return(success));
+ EXPECT_CALL(mock_iptables, ApplyMarkForUserTraffic(usernames[0], add))
+ .WillOnce(Return(success));
+ EXPECT_CALL(mock_iptables, ApplyMarkForUserTraffic(usernames[1], add))
+ .WillOnce(Return(success));
+ EXPECT_CALL(mock_iptables, ApplyRuleForUserTraffic(add))
+ .WillOnce(Return(success));
+
+ EXPECT_EQ(success, mock_iptables.ApplyVpnSetup(usernames, interface, add));
+}
+
+TEST_F(IpTablesTest, ApplyVpnSetupAddFailureInUsername) {
+ const std::vector<std::string> usernames = {"testuser0", "testuser1"};
+ const std::string interface = "ifc0";
+ const bool remove = false;
+ const bool add = true;
+ const bool failure = false;
+ const bool success = true;
+
+ MockIpTables mock_iptables;
+ EXPECT_CALL(mock_iptables, ApplyMasquerade(interface, add))
+ .Times(1)
+ .WillOnce(Return(success));
+ EXPECT_CALL(mock_iptables, ApplyMarkForUserTraffic(usernames[0], add))
+ .Times(1)
+ .WillOnce(Return(success));
+ EXPECT_CALL(mock_iptables, ApplyMarkForUserTraffic(usernames[1], add))
+ .Times(1)
+ .WillOnce(Return(failure));
+ EXPECT_CALL(mock_iptables, ApplyRuleForUserTraffic(add))
+ .Times(1)
+ .WillOnce(Return(success));
+
+ EXPECT_CALL(mock_iptables, ApplyMasquerade(interface, remove))
+ .Times(1)
+ .WillOnce(Return(success));
+ EXPECT_CALL(mock_iptables, ApplyMarkForUserTraffic(usernames[0], remove))
+ .Times(1)
+ .WillOnce(Return(failure));
+ EXPECT_CALL(mock_iptables, ApplyMarkForUserTraffic(usernames[1], remove))
+ .Times(0);
+ EXPECT_CALL(mock_iptables, ApplyRuleForUserTraffic(remove))
+ .Times(1)
+ .WillOnce(Return(failure));
+
+ EXPECT_EQ(failure, mock_iptables.ApplyVpnSetup(usernames, interface, add));
+}
+
+TEST_F(IpTablesTest, ApplyVpnSetupAddFailureInMasquerade) {
+ const std::vector<std::string> usernames = {"testuser0", "testuser1"};
+ const std::string interface = "ifc0";
+ const bool remove = false;
+ const bool add = true;
+ const bool failure = false;
+ const bool success = true;
+
+ MockIpTables mock_iptables;
+ EXPECT_CALL(mock_iptables, ApplyMasquerade(interface, add))
+ .Times(1)
+ .WillOnce(Return(failure));
+ EXPECT_CALL(mock_iptables, ApplyMarkForUserTraffic(_, _)).Times(0);
+ EXPECT_CALL(mock_iptables, ApplyRuleForUserTraffic(add))
+ .Times(1)
+ .WillOnce(Return(success));
+
+ EXPECT_CALL(mock_iptables, ApplyMasquerade(interface, remove)).Times(0);
+ EXPECT_CALL(mock_iptables, ApplyRuleForUserTraffic(remove))
+ .Times(1)
+ .WillOnce(Return(success));
+
+ EXPECT_EQ(failure, mock_iptables.ApplyVpnSetup(usernames, interface, add));
+}
+
+TEST_F(IpTablesTest, ApplyVpnSetupAddFailureInRuleForUserTraffic) {
+ const std::vector<std::string> usernames = {"testuser0", "testuser1"};
+ const std::string interface = "ifc0";
+ const bool remove = false;
+ const bool add = true;
+ const bool failure = false;
+
+ MockIpTables mock_iptables;
+ EXPECT_CALL(mock_iptables, ApplyMasquerade(interface, _)).Times(0);
+ EXPECT_CALL(mock_iptables, ApplyMarkForUserTraffic(_, _)).Times(0);
+ EXPECT_CALL(mock_iptables, ApplyRuleForUserTraffic(add))
+ .Times(1)
+ .WillOnce(Return(failure));
+
+ EXPECT_CALL(mock_iptables, ApplyRuleForUserTraffic(remove)).Times(0);
+
+ EXPECT_EQ(failure, mock_iptables.ApplyVpnSetup(usernames, interface, add));
+}
+
+TEST_F(IpTablesTest, ApplyVpnSetupRemoveSuccess) {
+ const std::vector<std::string> usernames = {"testuser0", "testuser1"};
+ const std::string interface = "ifc0";
+ const bool remove = false;
+ const bool add = true;
+ const bool success = true;
+
+ MockIpTables mock_iptables;
+ EXPECT_CALL(mock_iptables, ApplyMasquerade(interface, remove))
+ .Times(1)
+ .WillOnce(Return(success));
+ EXPECT_CALL(mock_iptables, ApplyMarkForUserTraffic(_, remove))
+ .Times(2)
+ .WillRepeatedly(Return(success));
+ EXPECT_CALL(mock_iptables, ApplyRuleForUserTraffic(remove))
+ .Times(1)
+ .WillOnce(Return(success));
+
+ EXPECT_CALL(mock_iptables, ApplyMasquerade(interface, add)).Times(0);
+ EXPECT_CALL(mock_iptables, ApplyMarkForUserTraffic(_, add)).Times(0);
+ EXPECT_CALL(mock_iptables, ApplyRuleForUserTraffic(add)).Times(0);
+
+ EXPECT_EQ(success, mock_iptables.ApplyVpnSetup(usernames, interface, remove));
+}
+
+TEST_F(IpTablesTest, ApplyVpnSetupRemoveFailure) {
+ const std::vector<std::string> usernames = {"testuser0", "testuser1"};
+ const std::string interface = "ifc0";
+ const bool remove = false;
+ const bool add = true;
+ const bool failure = false;
+
+ MockIpTables mock_iptables;
+ EXPECT_CALL(mock_iptables, ApplyMasquerade(interface, remove))
+ .Times(1)
+ .WillOnce(Return(failure));
+ EXPECT_CALL(mock_iptables, ApplyMarkForUserTraffic(_, remove))
+ .Times(2)
+ .WillRepeatedly(Return(failure));
+ EXPECT_CALL(mock_iptables, ApplyRuleForUserTraffic(remove))
+ .Times(1)
+ .WillOnce(Return(failure));
+
+ EXPECT_CALL(mock_iptables, ApplyMasquerade(interface, add)).Times(0);
+ EXPECT_CALL(mock_iptables, ApplyMarkForUserTraffic(_, add)).Times(0);
+ EXPECT_CALL(mock_iptables, ApplyRuleForUserTraffic(add)).Times(0);
+
+ EXPECT_EQ(failure, mock_iptables.ApplyVpnSetup(usernames, interface, remove));
+}
+
} // namespace firewalld
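Review bot: In ApplyVpnSetupAddFailureInUsername the rollback calls `ApplyMarkForUserTraffic(usernames[0], remove)` and `ApplyRuleForUserTraffic(remove)` are made to return failure, but the only assertion is that ApplyVpnSetup returns false, which the failed add presumably produces on its own. The test therefore does not show what a caller learns when cleanup leaves rules installed; a comment such as `// Rollback failures are not reported separately; the result reflects the add.` would record whether that is intended. None of the six tests uses `testing::InSequence`, so an implementation that issued the remove calls before the add calls would still pass. The local named `remove` also shadows `::remove` wherever `<cstdio>` is in scope; fixture constants such as `kAdd`/`kRemove` would avoid that and the repeated setup.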
diff --git a/mock_iptables.cc b/mock_iptables.cc
new file mode 100644
index 0000000..13d800b
--- /dev/null
+++ b/mock_iptables.cc
@@ -0,0 +1,13 @@
+// Copyright 2015 The Chromium OS Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "firewalld/mock_iptables.h"
+
+namespace firewalld {
+
+MockIpTables::MockIpTables() : IpTables("", "") {}
+
+MockIpTables::~MockIpTables() {}
+
+} // namespace firewalld
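Review bot: `IpTables("", "")` builds the mock with two empty strings, which from the members in iptables.h look like the ip4/ip6 executable paths, while only three methods are mocked. Any non-mocked method reached through a MockIpTables (the PunchHole family, for example) would presumably try to run an empty path. A comment on the constructor, `// Empty iptables paths: tests must only reach the mocked Apply* methods.`, would make that constraint explicit. `MockIpTables::~MockIpTables() = default;` is also the more usual spelling for the empty destructor.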
diff --git a/mock_iptables.h b/mock_iptables.h
new file mode 100644
index 0000000..8f7e132
--- /dev/null
+++ b/mock_iptables.h
@@ -0,0 +1,36 @@
+// Copyright 2015 The Chromium OS Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef FIREWALLD_MOCK_IPTABLES_H_
+#define FIREWALLD_MOCK_IPTABLES_H_
+
+#include <string>
+
+#include <base/macros.h>
+#include <gmock/gmock.h>
+
+#include "firewalld/iptables.h"
+
+namespace firewalld {
+
+class MockIpTables : public IpTables {
+ public:
+ MockIpTables();
+ ~MockIpTables() override;
+
+ MOCK_METHOD2(ApplyMasquerade, bool(const std::string& interface,
+ bool add));
+
+ MOCK_METHOD2(ApplyMarkForUserTraffic, bool(const std::string& user_name,
+ bool add));
+
+ MOCK_METHOD1(ApplyRuleForUserTraffic, bool(bool add));
+
+ private:
+ DISALLOW_COPY_AND_ASSIGN(MockIpTables);
+};
+
+} // namespace firewalld
+
+#endif // FIREWALLD_MOCK_IPTABLES_H_
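Review bot: `MOCK_METHOD2` and `MOCK_METHOD1` do not check that the mocked signature overrides a base-class virtual, so if a signature in iptables.h drifts or loses `virtual`, the mock silently stops intercepting and ApplyVpnSetup would call the real rule-installing helpers. The class has no comment stating that dependency; something like `// Mocks the IpTables helpers that invoke iptables; signatures must match iptables.h exactly.` above `class MockIpTables` would help. The mocks are declared public while the methods they replace are private in IpTables, which is fine for tests but worth a word in the same comment.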