[PATCH nft 1/2] tests/shell: inline input data in "single_anon_set" test

[PATCH nft 1/2] tests/shell: inline input data in "single_anon_set" test

[Thomas Haller]

The file "optimizations/dumps/single_anon_set.nft.input" was laying
around, and it was unclear how it was used.

Let's extend "check-patch.sh" to flag all unused files. But the script
cannot understand how "single_anon_set.nft.input" is used (aside allow
listing it).

Instead, inline the script to keep it inside the test (script).

We still write the data to a separate file and don't use `nft -f -`
(because reading stdin uses a different code path we want to cover).

Signed-off-by: Thomas Haller <thaller@redhat.com>
---
 .../dumps/single_anon_set.nft.input           | 38 ---------------
 .../testcases/optimizations/single_anon_set   | 47 ++++++++++++++++++-
 2 files changed, 45 insertions(+), 40 deletions(-)
 delete mode 100644 tests/shell/testcases/optimizations/dumps/single_anon_set.nft.input

diff --git a/tests/shell/testcases/optimizations/dumps/single_anon_set.nft.input b/tests/shell/testcases/optimizations/dumps/single_anon_set.nft.input
deleted file mode 100644
index ecc5691ba581..000000000000
--- a/tests/shell/testcases/optimizations/dumps/single_anon_set.nft.input
+++ /dev/null
@@ -1,38 +0,0 @@
-table ip test {
-	chain test {
-		# Test cases where anon set can be removed:
-		ip saddr { 127.0.0.1 } accept
-		iif { "lo" } accept
-
-		# negation, can change to != 22.
-		tcp dport != { 22 } drop
-
-		# single prefix, can remove anon set.
-		ip saddr { 127.0.0.0/8 } accept
-
-		# range, can remove anon set.
-		ip saddr { 127.0.0.1-192.168.7.3 } accept
-		tcp sport { 1-1023 } drop
-
-		# Test cases where anon set must be kept.
-
-		# 2 elements, cannot remove the anon set.
-		ip daddr { 192.168.7.1, 192.168.7.5 } accept
-		tcp dport { 80, 443 } accept
-
-		# single element, but concatenation which is not
-		# supported outside of set/map context at this time.
-		ip daddr . tcp dport { 192.168.0.1 . 22 } accept
-
-		# single element, but a map.
-		meta mark set ip daddr map { 192.168.0.1 : 1 }
-
-		# 2 elements.  This could be converted because
-		# ct state cannot be both established and related
-		# at the same time, but this needs extra work.
-		ct state { established, related } accept
-
-		# with stateful statement
-		meta mark { 0x0000000a counter }
-	}
-}
diff --git a/tests/shell/testcases/optimizations/single_anon_set b/tests/shell/testcases/optimizations/single_anon_set
index 7275e3606900..84fc2a7f03a8 100755
--- a/tests/shell/testcases/optimizations/single_anon_set
+++ b/tests/shell/testcases/optimizations/single_anon_set
@@ -2,12 +2,55 @@
 
 set -e
 
+test -d "$NFT_TEST_TESTTMPDIR"
+
 # Input file contains rules with anon sets that contain
 # one element, plus extra rule with two elements (that should be
 # left alone).
 
 # Dump file has the simplified rules where anon sets have been
 # replaced by equality tests where possible.
-dumpfile=$(dirname $0)/dumps/$(basename $0).nft
+file_input1="$NFT_TEST_TESTTMPDIR/input1.nft"
+
+cat <<EOF > "$file_input1"
+table ip test {
+	chain test {
+		# Test cases where anon set can be removed:
+		ip saddr { 127.0.0.1 } accept
+		iif { "lo" } accept
+
+		# negation, can change to != 22.
+		tcp dport != { 22 } drop
+
+		# single prefix, can remove anon set.
+		ip saddr { 127.0.0.0/8 } accept
+
+		# range, can remove anon set.
+		ip saddr { 127.0.0.1-192.168.7.3 } accept
+		tcp sport { 1-1023 } drop
+
+		# Test cases where anon set must be kept.
+
+		# 2 elements, cannot remove the anon set.
+		ip daddr { 192.168.7.1, 192.168.7.5 } accept
+		tcp dport { 80, 443 } accept
+
+		# single element, but concatenation which is not
+		# supported outside of set/map context at this time.
+		ip daddr . tcp dport { 192.168.0.1 . 22 } accept
+
+		# single element, but a map.
+		meta mark set ip daddr map { 192.168.0.1 : 1 }
+
+		# 2 elements.  This could be converted because
+		# ct state cannot be both established and related
+		# at the same time, but this needs extra work.
+		ct state { established, related } accept
+
+		# with stateful statement
+		meta mark { 0x0000000a counter }
+	}
+}
+EOF
 
-$NFT -f "$dumpfile".input
+$NFT -f "$file_input1"
-- 
2.41.0

[PATCH nft 2/2] tools: reject unexpected files in "tests/shell/testcases/" with "check-tree.sh"

[Thomas Haller]

"check-tree.sh" does consistency checks on the source tree. Extend
the check to flag more unexpected files. We don't want to accidentally
have left over files.

Signed-off-by: Thomas Haller <thaller@redhat.com>
---
 tools/check-tree.sh | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/tools/check-tree.sh b/tools/check-tree.sh
index ede3e6998ecc..c3aaa08d05ce 100755
--- a/tools/check-tree.sh
+++ b/tools/check-tree.sh
@@ -2,6 +2,10 @@
 
 # Preform various consistency checks of the source tree.
 
+unset LANGUAGE
+export LANG=C
+export LC_ALL=C
+
 die() {
 	printf '%s\n' "$*"
 	exit 1
@@ -56,7 +60,7 @@ check_shell_dumps() {
 	fi
 }
 
-SHELL_TESTS=( $(find "tests/shell/testcases/" -type f -executable | LANG=C sort) )
+SHELL_TESTS=( $(find "tests/shell/testcases/" -type f -executable | sort) )
 
 if [ "${#SHELL_TESTS[@]}" -eq 0 ] ; then
 	echo "No executable tests under \"tests/shell/testcases/\" found"
@@ -74,9 +78,20 @@ if [ "${SHELL_TESTS[*]}" != "${SHELL_TESTS2[*]}" ] ; then
 	EXIT_CODE=1
 fi
 
+##############################################################################
+#
+F=( $(find tests/shell/testcases/ -type f | grep '^tests/shell/testcases/[^/]\+/dumps/[^/]\+\.\(nft\|nodump\)$' -v | sort) )
+IGNORED_FILES=( tests/shell/testcases/bogons/nft-f/* )
+for f in "${F[@]}" ; do
+	if ! array_contains "$f" "${SHELL_TESTS[@]}" "${IGNORED_FILES[@]}" ; then
+		echo "Unexpected file \"$f\""
+		EXIT_CODE=1
+	fi
+done
+
 ##############################################################################
 
-FILES=( $(find "tests/shell/testcases/" -type f | sed -n 's#\(tests/shell/testcases\(/.*\)\?/\)dumps/\(.*\)\.\(nft\|nodump\)$#\0#p' | LANG=C sort) )
+FILES=( $(find "tests/shell/testcases/" -type f | sed -n 's#\(tests/shell/testcases\(/.*\)\?/\)dumps/\(.*\)\.\(nft\|nodump\)$#\0#p' | sort) )
 
 for f in "${FILES[@]}" ; do
 	f2="$(echo "$f" | sed -n 's#\(tests/shell/testcases\(/.*\)\?/\)dumps/\(.*\)\.\(nft\|nodump\)$#\1\3#p')"
-- 
2.41.0

Re: [PATCH nft 1/2] tests/shell: inline input data in "single_anon_set" test

[Pablo Neira Ayuso]

On Mon, Oct 23, 2023 at 06:13:15PM +0200, Thomas Haller wrote:
> The file "optimizations/dumps/single_anon_set.nft.input" was laying
> around, and it was unclear how it was used.
> 
> Let's extend "check-patch.sh" to flag all unused files. But the script
> cannot understand how "single_anon_set.nft.input" is used (aside allow
> listing it).
> 
> Instead, inline the script to keep it inside the test (script).
> 
> We still write the data to a separate file and don't use `nft -f -`
> (because reading stdin uses a different code path we want to cover).

Series applied, thanks