metal-stack · majst01 · Mar 4, 2026 · Mar 4, 2026 · Mar 4, 2026
@@ -4,10 +4,9 @@ BUILDDATE := $(shell date -Iseconds)
 VERSION := $(or ${VERSION},$(shell git describe --tags --exact-match 2> /dev/null || git symbolic-ref -q --short HEAD || git rev-parse --short HEAD))
 
 CONTROLLER_TOOLS_VERSION ?= v0.18.0
-MOCKGEN_VERSION ?= $(shell go list -m all | grep go.uber.org/mock | awk '{print $$2}')
 LOCALBIN ?= $(shell pwd)/bin
 CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen
-MOCKGEN ?= $(LOCALBIN)/mockgen
+MOCKERY ?= $(LOCALBIN)/mockery
 ENVTEST ?= $(LOCALBIN)/setup-envtest
 
 all: firewall-controller
@@ -65,7 +64,7 @@ vet:
 	go vet ./...
 
 # Generate code
-generate: controller-gen mockgen manifests
+generate: controller-gen mockery manifests
 	$(CONTROLLER_GEN) object paths="./..."
 	go generate ./...
 
@@ -80,8 +79,7 @@ setup-envtest: $(ENVTEST)
 $(ENVTEST): $(LOCALBIN)
 	test -s $(LOCALBIN)/setup-envtest || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
 
-.PHONY: mockgen
-mockgen: $(MOCKGEN)
-$(MOCKGEN): $(LOCALBIN)
-	test -s $(LOCALBIN)/mockgen && $(LOCALBIN)/mockgen -version | grep -q $(MOCKGEN_VERSION) || \
-	GOBIN=$(LOCALBIN) go install go.uber.org/mock/mockgen@$(MOCKGEN_VERSION)
+.PHONY: mockery
+mockery: $(MOCKERY)
+$(MOCKERY): $(LOCALBIN)
+	test -s $(LOCALBIN)/mockery || GOBIN=$(LOCALBIN) go install github.com/vektra/mockery/v2@latest
@@ -16,9 +16,9 @@ require (
 	github.com/metal-stack/metal-networker v0.46.2
 	github.com/metal-stack/v v1.0.3
 	github.com/miekg/dns v1.1.72
+	github.com/stretchr/testify v1.11.1
 	github.com/txn2/txeh v1.7.0
 	github.com/vishvananda/netlink v1.3.1
-	go.uber.org/mock v0.6.0
 	go4.org/netipx v0.0.0-20231129151722-fdeea329fbba
 	k8s.io/api v0.34.0
 	k8s.io/apiextensions-apiserver v0.34.0
@@ -83,6 +83,7 @@ require (
 	github.com/prometheus/common v0.67.5 // indirect
 	github.com/prometheus/procfs v0.19.2 // indirect
 	github.com/spf13/pflag v1.0.10 // indirect
+	github.com/stretchr/objx v0.5.2 // indirect
 	github.com/vishvananda/netns v0.0.5 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	go.mongodb.org/mongo-driver v1.17.7 // indirect

@@ -213,8 +213,6 @@ go.mongodb.org/mongo-driver v1.17.7 h1:a9w+U3Vt67eYzcfq3k/OAv284/uUUkL0uP75VE5rC
 go.mongodb.org/mongo-driver v1.17.7/go.mod h1:Hy04i7O2kC4RS06ZrhPRqj/u4DTYkFDAAccj+rVKqgQ=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
-go.uber.org/mock v0.6.0 h1:hyF9dfmbgIX5EfOdasqLsWD6xqpNZlXblLB/Dbnwv3Y=
-go.uber.org/mock v0.6.0/go.mod h1:KiVJ4BqZJaMj4svdfmHM0AUx4NJYO8ZNpPnZn1Z+BBU=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
 go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=

@@ -25,7 +25,6 @@ import (
 	firewallv2 "github.com/metal-stack/firewall-controller-manager/api/v2"
 	firewallv1 "github.com/metal-stack/firewall-controller/v2/api/v1"
 
-	_ "go.uber.org/mock/mockgen/model" // required for go:generate to work
 )
 
 const (
@@ -38,7 +37,7 @@ const (
 //go:embed *.tpl
 var templates embed.FS
 
-//go:generate ../../bin/mockgen -destination=./mocks/mock_fqdncache.go -package=mocks . FQDNCache
+//go:generate ../../bin/mockery --name=FQDNCache --outpkg=mocks --output=./mocks --filename=mock_fqdncache.go
 type FQDNCache interface {
 	GetSetsForRendering(fqdns []firewallv1.FQDNSelector) (result []dns.RenderIPSet)
 	GetSetsForFQDN(fqdn firewallv1.FQDNSelector) (result []firewallv1.IPSet)

@@ -4,7 +4,6 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
-	"go.uber.org/mock/gomock"
 	corev1 "k8s.io/api/core/v1"
 	networking "k8s.io/api/networking/v1"
 	"k8s.io/apimachinery/pkg/util/intstr"
@@ -142,7 +141,7 @@ func TestClusterwideNetworkPolicyEgressRules(t *testing.T) {
 	tests := []struct {
 		name   string
 		input  firewallv1.ClusterwideNetworkPolicy
-		record func(*mocks.MockFQDNCache)
+		record func(*mocks.FQDNCache)
 		want   want
 	}{
 		{
@@ -174,7 +173,7 @@ func TestClusterwideNetworkPolicyEgressRules(t *testing.T) {
 					},
 				},
 			},
-			record: func(cache *mocks.MockFQDNCache) {},
+			record: func(cache *mocks.FQDNCache) {},
 			want: want{
 				egress: nftablesRules{
 					`ip saddr == @cluster_prefixes ip daddr != { 1.1.0.1 } ip daddr { 1.1.0.0/24, 1.1.1.0/24 } tcp dport { 53 } counter accept comment "accept traffic for np  tcp"`,
@@ -214,18 +213,15 @@ func TestClusterwideNetworkPolicyEgressRules(t *testing.T) {
 					},
 				},
 			},
-			record: func(cache *mocks.MockFQDNCache) {
+			record: func(cache *mocks.FQDNCache) {
 				cache.
-					EXPECT().
-					IsInitialized().
+					On("IsInitialized").
 					Return(true)
 				cache.
-					EXPECT().
-					GetSetsForFQDN(gomock.Any()).
+					On("GetSetsForFQDN", firewallv1.FQDNSelector{MatchName: "test.com"}).
 					Return([]firewallv1.IPSet{{SetName: "test", Version: firewallv1.IPv4}})
 				cache.
-					EXPECT().
-					GetSetsForFQDN(gomock.Any()).
+					On("GetSetsForFQDN", firewallv1.FQDNSelector{MatchPattern: "*.test.com"}).
 					Return([]firewallv1.IPSet{{SetName: "test2", Version: firewallv1.IPv6}})
 			},
 			want: want{
@@ -239,13 +235,10 @@ func TestClusterwideNetworkPolicyEgressRules(t *testing.T) {
 		},
 	}
 
-	ctrl := gomock.NewController(t)
-	defer ctrl.Finish()
-
-	fqdnCache := mocks.NewMockFQDNCache(ctrl)
 	for _, tt := range tests {
 		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
+			fqdnCache := mocks.NewFQDNCache(t)
 			tt.record(fqdnCache)
 			if len(tt.want.egress) > 0 {
 				egress, _ := clusterwideNetworkPolicyEgressRules(fqdnCache, tt.input, false)