[Test Coverage] host-iptables-chain.ts / host-iptables-validation.ts#5866
Conversation
Add host-iptables-chain-branches.test.ts targeting two remaining uncovered branches from the coverage report: 1. host-iptables-chain.ts line 20: checkPermissionsAndSetupChain DOCKER-USER list fails with ENOENT emits user-readable 'iptables is required but was not found'. 2. host-iptables-validation.ts line 34: isMissingIptablesError with non-Error thrown values takes the empty-string branch of the ternary. 7 new tests; all 166 host-iptables tests pass. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Adds targeted Jest unit tests to close the remaining uncovered branch paths in the host iptables code, improving confidence in error-handling behavior without changing runtime logic.
Changes:
- Add new branch-coverage tests for
checkPermissionsAndSetupChainwhen the DOCKER-USER inspection fails with an iptables-missing error. - Add tests for
isMissingIptablesErrorwhen the thrown/caught value is not anErrorinstance (exercising the ternary fallback branch).
Show a summary per file
| File | Description |
|---|---|
src/host-iptables-chain-branches.test.ts |
Adds focused unit tests to cover previously-unexercised error-handling branches in host iptables chain setup and validation helpers. |
Review details
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 1/1 changed files
- Comments generated: 2
- Review effort level: Low
| * 1. host-iptables-chain.ts line 20: | ||
| * `throw new Error('iptables is required but was not found...')` inside the | ||
| * DOCKER-USER check catch block — triggered when the DOCKER-USER list command | ||
| * fails with an ENOENT / "not found" error. | ||
| * | ||
| * 2. host-iptables-validation.ts line 34: | ||
| * `error instanceof Error ? error.message : ''` — the `''` fallback branch | ||
| * exercised when `isMissingIptablesError` receives a non-Error thrown value | ||
| * (e.g. a plain object or string). |
|
@copilot address review feedback |
|
✅ Copilot review passed with no inline comments. @github-actions[bot] Add the |
|
✅ Smoke Claude passed |
|
✅ Smoke Gemini completed. All facets verified. 💎 Researching PRs via MCP |
|
🔑 Smoke Copilot PAT PAT auth validated. All systems operational. ✅ |
|
🚀 Security Guard has started processing this pull request |
|
✅ Contribution Check completed successfully! PR #5866 follows the applicable CONTRIBUTING.md guidelines; no contribution-guidelines comment needed. |
|
📡 Smoke OTel Tracing completed. All tracing scenarios validated. ✅ |
|
📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤 |
|
🌑 The shadows whisper... Smoke Codex failed. The oracle requires further meditation... |
|
🔌 Smoke Services — All services reachable! ✅ |
|
✅ Build Test Suite completed successfully! |
|
Chroot tests failed Smoke Chroot failed - See logs for details. |
|
✅ Smoke Copilot BYOK AOAI (api-key) completed. Copilot AOAI BYOK (api-key) mode operational. 🔓 |
|
✅ Smoke Copilot BYOK AOAI (Entra) completed. Copilot AOAI BYOK (Entra) mode operational. 🔓 |
|
✅ Smoke Copilot BYOK completed. Copilot BYOK mode operational. 🔓 |
✅ Coverage Check PassedOverall Coverage
📁 Per-file Coverage Changes (2 files)
Coverage comparison generated by |
Smoke Test: Claude Engine Validation
Overall Result: PASS Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
|
Smoke Test: Copilot BYOK (Direct) Mode ✅ PASS
Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
Smoke Test: Services Connectivity
Overall: FAIL — Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
Smoke Test: Copilot PAT Auth — PASS ✅
Overall: PASS — Auth mode: PAT (COPILOT_GITHUB_TOKEN) Author: Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
🔬 Smoke Test Results
Overall: PARTIAL — Copilot engine reachable; pre-computed data not injected (template vars unsubstituted). Author: Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
🔍 Smoke Test: API Proxy OpenTelemetry Tracing
All 5 scenarios pass. OTEL tracing integration is fully functional. Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
Smoke Test Results
Overall Status: FAIL (Connectivity failed) Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "localhost"See Network Configuration for more information.
|
|
Running in direct BYOK mode (AWF_AUTH_TYPE=github-oidc + AWF_AUTH_AZURE_* + COPILOT_PROVIDER_BASE_URL) via api-proxy → Azure OpenAI (Foundry, o4-mini-aw) authenticated via Microsoft Entra Overall: PASS Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
🏗️ Build Test Suite Results
Overall: 8/8 ecosystems passed — ✅ PASS Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
|
✅ GitHub MCP connectivity Running in direct BYOK mode (COPILOT_PROVIDER_API_KEY + COPILOT_PROVIDER_BASE_URL) via api-proxy → Azure OpenAI (Foundry, o4-mini-aw) Overall: PASS Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
Summary
Adds
src/host-iptables-chain-branches.test.tsto cover two remaining uncovered branches identified by the coverage report.Branches covered
host-iptables-chain.tsline 20checkPermissionsAndSetupChain— the DOCKER-USER list command fails with ENOENT /not found(second catch block). Previously only the--versionENOENT path and thePermission deniedstderr path were tested. This adds coverage for the case where the DOCKER-USER inspection itself is the first indication thatiptablesis missing.host-iptables-validation.tsline 34isMissingIptablesError— the''branch of the ternaryerror instanceof Error ? error.message : ''. Fires when a non-Error value is thrown (plain object, string, null). Previously onlyErrorinstances were exercised in tests.Tests added
src/host-iptables-chain-branches.test.tshost-iptablestests passCoverage impact
host-iptables-chain.tshost-iptables-validation.tsWarning
Firewall blocked 1 domain
The following domain was blocked by the firewall during workflow execution:
awmgmcpgSee Network Configuration for more information.