Reduce leaky abstraction by not passing configurator to generateIPTables

keithmattix · keithmattix · commit 30e4b0ad3821 · 2022-04-28T12:53:32.000-05:00
Signed-off-by: Keith Mattix II &lt;keithmattix2@gmail.com&gt;
diff --git a/pkg/injector/init_container.go b/pkg/injector/init_container.go
@@ -10,7 +10,9 @@ import (
 func getInitContainerSpec(containerName string, cfg configurator.Configurator, outboundIPRangeExclusionList []string,
 	outboundIPRangeInclusionList []string, outboundPortExclusionList []int,
 	inboundPortExclusionList []int, enablePrivilegedInitContainer bool, pullPolicy corev1.PullPolicy, networkInterfaceExclusionList []string) corev1.Container {
-	iptablesInitCommand := generateIptablesCommands(cfg, outboundIPRangeExclusionList, outboundIPRangeInclusionList, outboundPortExclusionList, inboundPortExclusionList, networkInterfaceExclusionList)
+
+	proxyMode := cfg.GetMeshConfig().Spec.Sidecar.LocalProxyMode
+	iptablesInitCommand := generateIptablesCommands(proxyMode, outboundIPRangeExclusionList, outboundIPRangeInclusionList, outboundPortExclusionList, inboundPortExclusionList, networkInterfaceExclusionList)
 
 	return corev1.Container{
 		Name:            containerName,
diff --git a/pkg/injector/iptables.go b/pkg/injector/iptables.go
@@ -7,11 +7,10 @@ import (
 
 	configv1alpha2 "github.com/openservicemesh/osm/pkg/apis/config/v1alpha2"
 
-	"github.com/openservicemesh/osm/pkg/configurator"
 	"github.com/openservicemesh/osm/pkg/constants"
 )
 
-func genIPTablesOutboundStaticRules(cfg configurator.Configurator) []string {
+func genIPTablesOutboundStaticRules(proxyMode configv1alpha2.LocalProxyMode) []string {
 	// iptablesOutboundStaticRules is the list of iptables rules related to outbound traffic interception and redirection
 	iptablesOutboundStaticRules := []string{
 		// Redirects outbound TCP traffic hitting OSM_PROXY_OUT_REDIRECT chain to Envoy's outbound listener port
@@ -21,9 +20,7 @@ func genIPTablesOutboundStaticRules(cfg configurator.Configurator) []string {
 		fmt.Sprintf("-A OSM_PROXY_OUT_REDIRECT -p tcp --dport %d -j ACCEPT", constants.EnvoyAdminPort),
 	}
 
-	localProxyMode := cfg.GetMeshConfig().Spec.Sidecar.LocalProxyMode
-
-	if localProxyMode == configv1alpha2.LocalProxyModePodIP {
+	if proxyMode == configv1alpha2.LocalProxyModePodIP {
 		// For envoy -> local service container proxying, send traffic to pod IP instead of localhost
 		iptablesOutboundStaticRules = append(iptablesOutboundStaticRules, fmt.Sprintf("-A OUTPUT -p tcp -o lo -d 127.0.0.1/32 -m owner --uid-owner %d -j DNAT --to-destination $POD_IP", constants.EnvoyUID))
 	}
@@ -76,7 +73,7 @@ var iptablesInboundStaticRules = []string{
 }
 
 // generateIptablesCommands generates a list of iptables commands to set up sidecar interception and redirection
-func generateIptablesCommands(cfg configurator.Configurator, outboundIPRangeExclusionList []string, outboundIPRangeInclusionList []string, outboundPortExclusionList []int, inboundPortExclusionList []int, networkInterfaceExclusionList []string) string {
+func generateIptablesCommands(proxyMode configv1alpha2.LocalProxyMode, outboundIPRangeExclusionList []string, outboundIPRangeInclusionList []string, outboundPortExclusionList []int, inboundPortExclusionList []int, networkInterfaceExclusionList []string) string {
 	var rules strings.Builder
 
 	fmt.Fprintln(&rules, `# OSM sidecar interception rules
@@ -108,7 +105,7 @@ func generateIptablesCommands(cfg configurator.Configurator, outboundIPRangeExcl
 		cmds = append(cmds, rule)
 	}
 
-	iptablesOutboundStaticRules := genIPTablesOutboundStaticRules(cfg)
+	iptablesOutboundStaticRules := genIPTablesOutboundStaticRules(proxyMode)
 
 	// 3. Create outbound rules
 	cmds = append(cmds, iptablesOutboundStaticRules...)
diff --git a/pkg/injector/iptables_test.go b/pkg/injector/iptables_test.go
@@ -3,13 +3,9 @@ package injector
 import (
 	"testing"
 
-	"github.com/golang/mock/gomock"
-	. "github.com/onsi/ginkgo"
 	"github.com/stretchr/testify/assert"
 
 	configv1alpha2 "github.com/openservicemesh/osm/pkg/apis/config/v1alpha2"
-
-	"github.com/openservicemesh/osm/pkg/configurator"
 )
 
 func TestGenerateIptablesCommands(t *testing.T) {
@@ -132,17 +128,8 @@ EOF
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
 			a := assert.New(t)
-			mockCtrl := gomock.NewController(GinkgoT())
-			mockConfigurator := configurator.NewMockConfigurator(mockCtrl)
-			mockConfigurator.EXPECT().GetMeshConfig().Return(configv1alpha2.MeshConfig{
-				Spec: configv1alpha2.MeshConfigSpec{
-					Sidecar: configv1alpha2.SidecarSpec{
-						LocalProxyMode: tc.proxyMode,
-					},
-				},
-			}).Times(1)
 
-			actual := generateIptablesCommands(mockConfigurator, tc.outboundIPRangeExclusions, tc.outboundIPRangeInclusions, tc.outboundPortExclusions, tc.inboundPortExclusions, tc.networkInterfaceExclusions)
+			actual := generateIptablesCommands(tc.proxyMode, tc.outboundIPRangeExclusions, tc.outboundIPRangeInclusions, tc.outboundPortExclusions, tc.inboundPortExclusions, tc.networkInterfaceExclusions)
 			a.Equal(tc.expected, actual)
 		})
 	}
