test: refactor container_kill_linux_Test.go to use Tigron

microness · microness · commit e19548688197 · 2026-01-15T01:22:05.000+09:00
Signed-off-by: microness &lt;youjungho92@naver.com&gt;
diff --git a/cmd/nerdctl/container/container_kill_linux_test.go b/cmd/nerdctl/container/container_kill_linux_test.go
@@ -18,63 +18,62 @@ package container
 
 import (
 	"fmt"
+	"strconv"
 	"strings"
 	"testing"
 
 	"github.com/coreos/go-iptables/iptables"
 	"gotest.tools/v3/assert"
 
 	"github.com/containerd/nerdctl/mod/tigron/expect"
+	"github.com/containerd/nerdctl/mod/tigron/require"
 	"github.com/containerd/nerdctl/mod/tigron/test"
 
-	"github.com/containerd/nerdctl/v2/pkg/rootlessutil"
 	"github.com/containerd/nerdctl/v2/pkg/testutil"
 	iptablesutil "github.com/containerd/nerdctl/v2/pkg/testutil/iptables"
 	"github.com/containerd/nerdctl/v2/pkg/testutil/nerdtest"
+	"github.com/containerd/nerdctl/v2/pkg/testutil/portlock"
 )
 
 // TestKillCleanupForwards runs a container that exposes a port and then kill it.
 // The test checks that the kill command effectively clean up
-// the iptables forwards creted from the run.
+// the iptables forwards created from the run.
 func TestKillCleanupForwards(t *testing.T) {
-	// skip if rootless
-	if rootlessutil.IsRootless() {
-		t.Skip("pkg/testutil/iptables does not support rootless")
-	}
 
-	const hostPort = 9999
+	ipt, err := iptables.New()
+	assert.NilError(t, err)
 
 	testCase := nerdtest.Setup()
 
-	ipt, err := iptables.New()
-	assert.NilError(t, err)
+	testCase.Require = require.Not(nerdtest.Rootless)
 
 	testCase.Setup = func(data test.Data, helpers test.Helpers) {
+		hostPort, err := portlock.Acquire(0)
+		if err != nil {
+			t.Logf("Failed to acquire port: %v", err)
+			t.FailNow()
+		}
+
+		containerName := data.Identifier()
+
 		helpers.Ensure(
 			"run", "-d",
 			"--restart=no",
-			"--name", data.Identifier(),
+			"--name", containerName,
 			"-p", fmt.Sprintf("127.0.0.1:%d:80", hostPort),
 			testutil.NginxAlpineImage,
 		)
-	}
-
-	testCase.Cleanup = func(data test.Data, helpers test.Helpers) {
-		helpers.Anyhow("rm", "-f", data.Identifier())
-	}
-
-	testCase.Command = func(data test.Data, helpers test.Helpers) test.TestableCommand {
-		name := data.Identifier()
+		nerdtest.EnsureContainerStarted(helpers, containerName)
 
 		containerID := strings.TrimSpace(
-			helpers.Capture("inspect", "-f", "{{.Id}}", name),
+			helpers.Capture("inspect", "-f", "{{.Id}}", containerName),
 		)
 
 		containerIP := strings.TrimSpace(
 			helpers.Capture(
 				"inspect",
 				"-f", "{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}",
-				name,
+				containerName,
 			),
 		)
 
@@ -92,16 +91,48 @@ func TestKillCleanupForwards(t *testing.T) {
 			)
 		}
 
-		assert.Assert(
-			t,
-			iptablesutil.ForwardExists(t, ipt, chain, containerIP, hostPort),
-			"expected iptables forward to exist before kill",
-		)
+		data.Labels().Set("containerName", containerName)
+		data.Labels().Set("containerIP", containerIP)
+		data.Labels().Set("hostPort", strconv.Itoa(hostPort))
+		data.Labels().Set("chain", chain)
+	}
 
-		return helpers.Command("kill", name)
+	testCase.SubTests = []*test.Case{
+		{
+			Description: "iptables forwarding rule should exist before container is killed",
+			NoParallel:  true,
+			Setup: func(data test.Data, helpers test.Helpers) {
+				containerIP := data.Labels().Get("containerIP")
+				hostPort, _ := strconv.Atoi(data.Labels().Get("hostPort"))
+				chain := data.Labels().Get("chain")
+
+				assert.Equal(t, iptablesutil.ForwardExists(t, ipt, chain, containerIP, hostPort), true)
+			},
+		},
+		{
+			Description: "kill container",
+			NoParallel:  true,
+			Command: func(data test.Data, helpers test.Helpers) test.TestableCommand {
+				return helpers.Command("kill", data.Labels().Get("containerName"))
+			},
+			Expected: test.Expects(expect.ExitCodeSuccess, nil, nil),
+		},
+		{
+			Description: "iptables forwarding rule should be removed after container is killed",
+			NoParallel:  true,
+			Setup: func(data test.Data, helpers test.Helpers) {
+				containerIP := data.Labels().Get("containerIP")
+				hostPort, _ := strconv.Atoi(data.Labels().Get("hostPort"))
+				chain := data.Labels().Get("chain")
+
+				assert.Equal(t, iptablesutil.ForwardExists(t, ipt, chain, containerIP, hostPort), false)
+			},
+		},
 	}
 
-	testCase.Expected = test.Expects(expect.ExitCodeSuccess, nil, nil)
+	testCase.Cleanup = func(data test.Data, helpers test.Helpers) {
+		helpers.Anyhow("rm", "-f", data.Identifier())
+	}
 
 	testCase.Run(t)
 }
