Complete typed map ergonomics and preview API

2026-03-16 04:16:40 +00:00
parent e89739a64f
commit 6ae9ccf5e5
9 changed files with 450 additions and 26 deletions
--- a/tests/LibNftables.Tests/NftablesClientUnitTests.cs
+++ b/tests/LibNftables.Tests/NftablesClientUnitTests.cs
@@ -87,6 +87,29 @@ public sealed class NftablesClientUnitTests
            context.LastCommandText);
    }

+    [Fact]
+    public void ValidateAndRenderRuleset_ReturnsRenderedTextAndValidation()
+    {
+        var context = new FakeContext
+        {
+            OutputBuffer = "ok",
+            ErrorBuffer = string.Empty,
+        };
+        var client = CreateClient(() => context);
+
+        NftRenderedValidationResult result = client.ValidateAndRenderRuleset(CreateTypedRuleset());
+
+        Assert.True(result.ValidationResult.IsValid);
+        Assert.Equal(result.RenderedRulesetText, context.LastCommandText);
+        Assert.Equal(
+            "add table inet filter" + Environment.NewLine +
+            "add set inet filter blocked_ipv4 { type ipv4_addr; elements = { 10.0.0.1, 10.0.0.2 }; }" + Environment.NewLine +
+            "add map inet filter service_policy { type inet_service : verdict; elements = { 80 : accept, 443 : drop }; }" + Environment.NewLine +
+            "add chain inet filter input { type filter hook input priority 0; policy drop; }" + Environment.NewLine +
+            "add rule inet filter input iifname \"eth0\" ip saddr @blocked_ipv4 tcp dport 22 accept" + Environment.NewLine,
+            result.RenderedRulesetText);
+    }
+
    [Fact]
    public void ApplyRuleset_RendersTypedRulesetAndExecutesCommand()
    {
@@ -122,6 +145,41 @@ public sealed class NftablesClientUnitTests
            context.LastCommandText);
    }

+    [Fact]
+    public void Map_Add_DuplicateKey_ThrowsArgumentException()
+    {
+        var map = new NftMap
+        {
+            Name = "service_policy",
+            KeyType = NftMapType.InetService,
+            ValueType = NftMapType.Verdict,
+        };
+
+        map.Add(NftValue.Port(80), NftValue.Verdict(NftVerdict.Accept));
+
+        Assert.Throws<ArgumentException>(() => map.Add(NftValue.Port(80), NftValue.Verdict(NftVerdict.Drop)));
+    }
+
+    [Fact]
+    public void Map_Set_ReplacesValueWithoutChangingInsertionOrder()
+    {
+        var map = new NftMap
+        {
+            Name = "service_policy",
+            KeyType = NftMapType.InetService,
+            ValueType = NftMapType.Verdict,
+        };
+
+        map.Add(NftValue.Port(80), NftValue.Verdict(NftVerdict.Accept));
+        map.Add(NftValue.Port(443), NftValue.Verdict(NftVerdict.Drop));
+        map.Set(NftValue.Port(80), NftValue.Verdict(NftVerdict.Reject));
+
+        Assert.Equal(2, map.Count);
+        Assert.Equal("80", map.Entries[0].Key!.RenderedText);
+        Assert.Equal("reject", map.Entries[0].Value!.RenderedText);
+        Assert.Equal("443", map.Entries[1].Key!.RenderedText);
+    }
+
    [Fact]
    public void RenderRuleset_ReturnsTypedRulesetTextWithoutExecuting()
    {
@@ -291,16 +349,8 @@ public sealed class NftablesClientUnitTests
            KeyType = NftMapType.InetService,
            ValueType = NftMapType.Verdict,
        };
-        map.Entries.Add(new NftMapEntry
-        {
-            Key = NftValue.Port(80),
-            Value = NftValue.Verdict(NftVerdict.Accept),
-        });
-        map.Entries.Add(new NftMapEntry
-        {
-            Key = NftValue.Port(443),
-            Value = NftValue.Verdict(NftVerdict.Drop),
-        });
+        map.Add(NftValue.Port(80), NftValue.Verdict(NftVerdict.Accept));
+        map.Add(NftValue.Port(443), NftValue.Verdict(NftVerdict.Drop));
        table.Maps.Add(map);

        var chain = new NftChain