Harden rule health checks

2026-04-17 11:21:54 +08:00
parent 7b854c7a96
commit 4c431584eb
5 changed files with 74 additions and 6 deletions
--- a/tests/test_integration.sh
+++ b/tests/test_integration.sh
@@ -85,10 +85,14 @@ export PERSIST_FIXTURE_LOG

 # shellcheck source=lib/common.sh
 source "${ROOT_DIR}/lib/common.sh"
+# shellcheck source=lib/storage.sh
+source "${ROOT_DIR}/lib/storage.sh"
 # shellcheck source=lib/persist.sh
 source "${ROOT_DIR}/lib/persist.sh"
 # shellcheck source=lib/iptables_ops.sh
 source "${ROOT_DIR}/lib/iptables_ops.sh"
+# shellcheck source=lib/rules_mgr.sh
+source "${ROOT_DIR}/lib/rules_mgr.sh"

 uuid_v4=$("${ROOT_DIR}/iptables-forward.sh" --batch add tcp 65432 127.0.0.1 22 4 'integration-v4')
 assert_contains "$(iptables-save)" "MGMT:${uuid_v4}" 'IPv4 rule should appear in iptables-save output'
@@ -96,9 +100,19 @@ assert_contains "$("${ROOT_DIR}/iptables-forward.sh" --batch list)" "uuid=${uuid
 assert_file_contains "${PERSIST_RULES_V4}" "MGMT:${uuid_v4}" 'persist save should write IPv4 rules snapshot'
 assert_file_contains "${PERSIST_FIXTURE_LOG}" 'persist-fixture.sh save' 'adding a rule should call persist save'

+iptables -t nat -D PREROUTING \
+  -p tcp --dport 65432 \
+  -j DNAT --to-destination 127.0.0.1:22 \
+  -m comment --comment "MGMT:${uuid_v4}"
+list_output=$(cmd_list 0)
+[[ ${list_output} =~ [[:space:]]![[:space:]] ]] || fail 'partial runtime loss should show degraded health in cmd_list'
+
+persist_reload
+list_output=$(cmd_list 0)
+[[ ${list_output} =~ [[:space:]]✓[[:space:]] ]] || fail 'persist_reload should restore healthy status in cmd_list'
+
 ipt_remove_rule "${uuid_v4}" tcp 65432 127.0.0.1 22 4
 assert_status 1 "$(status_of grep -F "MGMT:${uuid_v4}" <(iptables-save))" 'manual runtime removal should clear managed IPv4 rule'
-
 persist_reload
 assert_file_contains "${PERSIST_FIXTURE_LOG}" 'persist-fixture.sh reload' 'persist_reload should call persistence wrapper'
 assert_contains "$(iptables-save)" "MGMT:${uuid_v4}" 'persist_reload should restore IPv4 rule from snapshot'