Commit d262967
committed
Add nft-dump utility for firewall test verification
- Create nft-dump Go utility that uses nftables library to inspect firewall
rules without requiring nft CLI. Outputs human-readable YAML with
interpreted values (IP addresses, ports, marks, etc.)
- Update Garden firewall tests to use nft-dump instead of nft CLI for
verifying firewall rules work correctly in containers
- Fix Jammy stemcell container tests by unmounting Garden's bind-mounted
/etc/resolv.conf, /etc/hosts, /etc/hostname before starting the agent.
This prevents the 'Device or resource busy' error when the agent runs
resolvconf -u (same approach used by bosh-warden-cpi)
- Add nft-dump helper methods to GardenClient and TestEnvironment for
use in both container and VM-based integration tests
- Update deploy-to-noble.sh to build nft-dump binary for container tests
Tests now pass for both Noble and Jammy stemcells.1 parent 8e30313 commit d262967
7 files changed
Lines changed: 1240 additions & 317 deletions
File tree
- integration
- garden
- nftdump
- utils
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
113 | 113 | | |
114 | 114 | | |
115 | 115 | | |
116 | | - | |
| 116 | + | |
117 | 117 | | |
118 | 118 | | |
119 | 119 | | |
| |||
207 | 207 | | |
208 | 208 | | |
209 | 209 | | |
| 210 | + | |
| 211 | + | |
210 | 212 | | |
211 | 213 | | |
212 | 214 | | |
| |||
240 | 242 | | |
241 | 243 | | |
242 | 244 | | |
| 245 | + | |
| 246 | + | |
| 247 | + | |
| 248 | + | |
243 | 249 | | |
244 | 250 | | |
245 | 251 | | |
| |||
0 commit comments