Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
S
slapos.core
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Thomas Gambier
slapos.core
Commits
f113849c
Commit
f113849c
authored
Oct 27, 2015
by
Alain Takoudjou
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
firewalld fixup: make shure everything is consistent
parent
cae28e57
Changes
2
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
77 additions
and
66 deletions
+77
-66
slapos/grid/slapgrid.py
slapos/grid/slapgrid.py
+51
-42
slapos/tests/slapgrid.py
slapos/tests/slapgrid.py
+26
-24
No files found.
slapos/grid/slapgrid.py
View file @
f113849c
...
@@ -666,6 +666,37 @@ stderr_logfile_backups=1
...
@@ -666,6 +666,37 @@ stderr_logfile_backups=1
if
not
promise_present
:
if
not
promise_present
:
self
.
logger
.
info
(
"No promise."
)
self
.
logger
.
info
(
"No promise."
)
def
_addFirewallRule
(
self
,
rule_command
):
"""
"""
query_cmd
=
rule_command
.
replace
(
'--add-rule'
,
'--query-rule'
)
process
=
FPopen
(
query_cmd
)
result
=
process
.
communicate
()[
0
]
if
result
.
strip
()
==
'no'
:
self
.
logger
.
debug
(
rule_command
)
process
=
FPopen
(
rule_command
)
process
.
communicate
()[
0
]
if
process
.
returncode
==
1
and
result
.
strip
()
!=
'no'
:
raise
Exception
(
"Failed to add firewalld rule %s."
%
rule_command
)
return
result
.
strip
()
==
'no'
def
_removeFirewallRule
(
self
,
rule_command
):
"""
"""
query_cmd
=
rule_command
.
replace
(
'--add-rule'
,
'--query-rule'
)
process
=
FPopen
(
query_cmd
)
result
=
process
.
communicate
()[
0
]
if
result
.
strip
()
==
'yes'
:
remove_command
=
rule_command
.
replace
(
'--add-rule'
,
'--remove-rule'
)
self
.
logger
.
debug
(
remove_command
)
process
=
FPopen
(
remove_command
)
process
.
communicate
()[
0
]
if
process
.
returncode
==
1
and
result
.
strip
()
!=
'no'
:
raise
Exception
(
"Failed to remove firewalld rule %s."
%
remove_command
)
return
result
.
strip
()
==
'yes'
def
_checkAddFirewallRules
(
self
,
partition_id
,
command_list
,
add
=
True
):
def
_checkAddFirewallRules
(
self
,
partition_id
,
command_list
,
add
=
True
):
"""
"""
Process Firewall rules from and save rules to firewall_rules_path
Process Firewall rules from and save rules to firewall_rules_path
...
@@ -674,50 +705,31 @@ stderr_logfile_backups=1
...
@@ -674,50 +705,31 @@ stderr_logfile_backups=1
instance_path
=
os
.
path
.
join
(
self
.
instance_root
,
partition_id
)
instance_path
=
os
.
path
.
join
(
self
.
instance_root
,
partition_id
)
firewall_rules_path
=
os
.
path
.
join
(
instance_path
,
firewall_rules_path
=
os
.
path
.
join
(
instance_path
,
Partition
.
partition_firewall_rules_name
)
Partition
.
partition_firewall_rules_name
)
json_list
=
[]
reload_rules
=
False
reload_rules
=
False
fw_base_cmd
=
self
.
firewall_conf
[
'firewall_cmd'
]
json_list
=
[]
if
os
.
path
.
exists
(
firewall_rules_path
):
if
os
.
path
.
exists
(
firewall_rules_path
):
with
open
(
firewall_rules_path
,
'r'
)
as
frules
:
with
open
(
firewall_rules_path
,
'r'
)
as
frules
:
rules_list
=
json
.
loads
(
frules
.
read
())
rules_list
=
json
.
loads
(
frules
.
read
())
for
command
in
rules_list
:
for
command
in
rules_list
:
skip_
check
=
False
skip_
remove
=
False
if
add
:
if
add
:
for
i
in
range
(
0
,
len
(
command_list
)):
for
new_cmd
in
command_list
:
new_cmd
=
command_list
[
i
]
if
command
==
new_cmd
:
if
command
==
new_cmd
:
json_list
.
append
(
command_list
.
pop
(
i
))
skip_remove
=
True
skip_check
=
True
break
break
# Only if add==True, do not try to remove the rule
if
skip_check
:
continue
# Check if this rule exists in iptables
current_cmd
=
command
.
replace
(
'--add-rule'
,
'--query-rule'
)
cmd_process
=
FPopen
(
current_cmd
)
result
=
cmd_process
.
communicate
()[
0
]
self
.
logger
.
debug
(
'%s: %s'
%
(
current_cmd
,
result
))
if
result
.
strip
()
==
'yes'
:
if
not
skip_remove
:
reload_rules
=
True
state
=
self
.
_removeFirewallRule
(
'%s %s'
%
(
fw_base_cmd
,
command
))
current_cmd
=
command
.
replace
(
'--add-rule'
,
'--remove-rule'
)
reload_rules
=
reload_rules
or
state
self
.
logger
.
debug
(
current_cmd
)
cmd_process
=
FPopen
(
current_cmd
)
result
=
cmd_process
.
communicate
()[
0
]
if
cmd_process
.
returncode
==
1
:
raise
Exception
(
"Failed to execute firewalld rule %s."
%
current_cmd
)
if
add
:
if
add
:
for
i
in
range
(
0
,
len
(
command_list
)):
json_list
=
command_list
reload_rules
=
True
for
command
in
command_list
:
command
=
command_list
.
pop
()
state
=
self
.
_addFirewallRule
(
'%s %s'
%
(
fw_base_cmd
,
command
))
self
.
logger
.
debug
(
command
)
reload_rules
=
reload_rules
or
state
cmd_process
=
FPopen
(
command
)
cmd_process
.
communicate
()[
0
]
if
cmd_process
.
returncode
==
1
:
raise
Exception
(
"Failed to add firewalld rule %s."
%
command
)
json_list
.
append
(
command
)
if
reload_rules
:
if
reload_rules
:
# Apply changes: reload configuration
# Apply changes: reload configuration
...
@@ -727,7 +739,6 @@ stderr_logfile_backups=1
...
@@ -727,7 +739,6 @@ stderr_logfile_backups=1
reload_process
=
FPopen
(
reload_cmd
)
reload_process
=
FPopen
(
reload_cmd
)
result
=
reload_process
.
communicate
()[
0
]
result
=
reload_process
.
communicate
()[
0
]
if
reload_process
.
returncode
==
1
:
if
reload_process
.
returncode
==
1
:
self
.
logger
.
error
(
'FirewallD Reload: %s'
%
result
)
raise
Exception
(
"Failed to load firewalld rules with command %s"
%
reload_cmd
)
raise
Exception
(
"Failed to load firewalld rules with command %s"
%
reload_cmd
)
with
open
(
firewall_rules_path
,
'w'
)
as
frules
:
with
open
(
firewall_rules_path
,
'w'
)
as
frules
:
...
@@ -740,8 +751,7 @@ stderr_logfile_backups=1
...
@@ -740,8 +751,7 @@ stderr_logfile_backups=1
if
ip_type
not
in
[
'ipv4'
,
'ipv6'
,
'eb'
]:
if
ip_type
not
in
[
'ipv4'
,
'ipv6'
,
'eb'
]:
raise
NotImplementedError
(
"firewall-cmd has not rules with tables %s."
%
ip_type
)
raise
NotImplementedError
(
"firewall-cmd has not rules with tables %s."
%
ip_type
)
fw_cmd
=
self
.
firewall_conf
[
'firewall_cmd'
]
command
=
'--permanent --direct --add-rule %s filter'
%
ip_type
command
=
'%s --permanent --direct --add-rule %s filter'
%
(
fw_cmd
,
ip_type
)
cmd_list
=
[]
cmd_list
=
[]
ip_list
=
hosting_ip_list
+
source_ip_list
ip_list
=
hosting_ip_list
+
source_ip_list
...
@@ -771,14 +781,13 @@ stderr_logfile_backups=1
...
@@ -771,14 +781,13 @@ stderr_logfile_backups=1
if
ip_type
not
in
[
'ipv4'
,
'ipv6'
,
'eb'
]:
if
ip_type
not
in
[
'ipv4'
,
'ipv6'
,
'eb'
]:
raise
NotImplementedError
(
"firewall-cmd has not rules with tables %s."
%
ip_type
)
raise
NotImplementedError
(
"firewall-cmd has not rules with tables %s."
%
ip_type
)
fw_cmd
=
self
.
firewall_conf
[
'firewall_cmd'
]
command
=
'--permanent --direct --add-rule %s filter'
%
ip_type
command
=
'%s --permanent --direct --add-rule %s filter'
%
(
fw_cmd
,
ip_type
)
cmd_list
=
[]
cmd_list
=
[]
# Accept all other requests
# Accept all other requests
cmd_list
.
append
(
'%s INPUT
0 -d %s -j ACCEPT'
%
(
command
,
ip
))
#cmd_list.append('%s INPUT 100
0 -d %s -j ACCEPT' % (command, ip))
cmd_list
.
append
(
'%s FORWARD
0 -d %s -j ACCEPT'
%
(
command
,
ip
))
#cmd_list.append('%s FORWARD 100
0 -d %s -j ACCEPT' % (command, ip))
# Reject all other requests from the list
# Reject all other requests from the list
for
other_ip
in
source_ip_list
:
for
other_ip
in
source_ip_list
:
...
@@ -792,9 +801,9 @@ stderr_logfile_backups=1
...
@@ -792,9 +801,9 @@ stderr_logfile_backups=1
other_ip
,
ip
))
other_ip
,
ip
))
# Accept on this hosting subscription
# Accept on this hosting subscription
for
other_ip
in
hosting_ip_list
:
for
other_ip
in
hosting_ip_list
:
cmd_list
.
append
(
'%s INPUT
100
0 -s %s -d %s -j ACCEPT'
%
(
command
,
cmd_list
.
append
(
'%s INPUT 0 -s %s -d %s -j ACCEPT'
%
(
command
,
other_ip
,
ip
))
other_ip
,
ip
))
cmd_list
.
append
(
'%s FORWARD
100
0 -s %s -d %s -j ACCEPT'
%
(
command
,
cmd_list
.
append
(
'%s FORWARD 0 -s %s -d %s -j ACCEPT'
%
(
command
,
other_ip
,
ip
))
other_ip
,
ip
))
return
cmd_list
return
cmd_list
...
...
slapos/tests/slapgrid.py
View file @
f113849c
...
@@ -1978,7 +1978,7 @@ class TestSlapgridCPWithFirewall(MasterMixin, unittest.TestCase):
...
@@ -1978,7 +1978,7 @@ class TestSlapgridCPWithFirewall(MasterMixin, unittest.TestCase):
def
setFirewallConfig
(
self
,
source_ip
=
""
):
def
setFirewallConfig
(
self
,
source_ip
=
""
):
firewall_conf
=
dict
(
firewall_conf
=
dict
(
authorized_sources
=
source_ip
,
authorized_sources
=
source_ip
,
firewall_cmd
=
'/bin/echo'
,
firewall_cmd
=
'/bin/echo
"no" #
'
,
firewall_executable
=
'/bin/echo "service firewall started"'
,
firewall_executable
=
'/bin/echo "service firewall started"'
,
reload_config_cmd
=
'/bin/echo "Config reloaded."'
,
reload_config_cmd
=
'/bin/echo "Config reloaded."'
,
log_file
=
'fw-log.log'
,
log_file
=
'fw-log.log'
,
...
@@ -1990,7 +1990,7 @@ class TestSlapgridCPWithFirewall(MasterMixin, unittest.TestCase):
...
@@ -1990,7 +1990,7 @@ class TestSlapgridCPWithFirewall(MasterMixin, unittest.TestCase):
# XXX - rules for one ip contain 2*len(ip_address_list + accept_ip_list) rules ACCEPT and 4 rules REJECT
# XXX - rules for one ip contain 2*len(ip_address_list + accept_ip_list) rules ACCEPT and 4 rules REJECT
num_rules
=
len
(
self
.
ip_address_list
)
*
2
+
len
(
accept_ip_list
)
*
2
+
4
num_rules
=
len
(
self
.
ip_address_list
)
*
2
+
len
(
accept_ip_list
)
*
2
+
4
self
.
assertEqual
(
len
(
cmd_list
),
num_rules
)
self
.
assertEqual
(
len
(
cmd_list
),
num_rules
)
base_cmd
=
'
%s --permanent --direct --add-rule ipv4 filter'
%
self
.
grid
.
firewall_conf
[
'firewall_cmd'
]
base_cmd
=
'
--permanent --direct --add-rule ipv4 filter'
# Check that there is REJECT rule on INPUT
# Check that there is REJECT rule on INPUT
rule
=
'%s INPUT 1000 -d %s -j REJECT'
%
(
base_cmd
,
ip
)
rule
=
'%s INPUT 1000 -d %s -j REJECT'
%
(
base_cmd
,
ip
)
...
@@ -2024,23 +2024,23 @@ class TestSlapgridCPWithFirewall(MasterMixin, unittest.TestCase):
...
@@ -2024,23 +2024,23 @@ class TestSlapgridCPWithFirewall(MasterMixin, unittest.TestCase):
def
checkRuleFromIpSourceReject
(
self
,
ip
,
reject_ip_list
,
cmd_list
):
def
checkRuleFromIpSourceReject
(
self
,
ip
,
reject_ip_list
,
cmd_list
):
# XXX - rules for one ip contain 2 + 2*len(ip_address_list) rules ACCEPT and 4*len(reject_ip_list) rules REJECT
# XXX - rules for one ip contain 2 + 2*len(ip_address_list) rules ACCEPT and 4*len(reject_ip_list) rules REJECT
num_rules
=
2
+
(
len
(
self
.
ip_address_list
)
*
2
)
+
(
len
(
reject_ip_list
)
*
4
)
num_rules
=
(
len
(
self
.
ip_address_list
)
*
2
)
+
(
len
(
reject_ip_list
)
*
4
)
self
.
assertEqual
(
len
(
cmd_list
),
num_rules
)
self
.
assertEqual
(
len
(
cmd_list
),
num_rules
)
base_cmd
=
'
%s --permanent --direct --add-rule ipv4 filter'
%
self
.
grid
.
firewall_conf
[
'firewall_cmd'
]
base_cmd
=
'
--permanent --direct --add-rule ipv4 filter'
# Check that there is ACCEPT rule on INPUT
# Check that there is ACCEPT rule on INPUT
rule
=
'%s INPUT 0 -d %s -j ACCEPT'
%
(
base_cmd
,
ip
)
#
rule = '%s INPUT 0 -d %s -j ACCEPT' % (base_cmd, ip)
self
.
assertIn
(
rule
,
cmd_list
)
#
self.assertIn(rule, cmd_list)
# Check that there is ACCEPT rule on FORWARD
# Check that there is ACCEPT rule on FORWARD
rule
=
'%s FORWARD 0 -d %s -j ACCEPT'
%
(
base_cmd
,
ip
)
#
rule = '%s FORWARD 0 -d %s -j ACCEPT' % (base_cmd, ip)
self
.
assertIn
(
rule
,
cmd_list
)
#
self.assertIn(rule, cmd_list)
# Check that there is INPUT/FORWARD ACCEPT on ip_list
# Check that there is INPUT/FORWARD ACCEPT on ip_list
for
_
,
other_ip
in
self
.
ip_address_list
:
for
_
,
other_ip
in
self
.
ip_address_list
:
rule
=
'%s INPUT
100
0 -s %s -d %s -j ACCEPT'
%
(
base_cmd
,
other_ip
,
ip
)
rule
=
'%s INPUT 0 -s %s -d %s -j ACCEPT'
%
(
base_cmd
,
other_ip
,
ip
)
self
.
assertIn
(
rule
,
cmd_list
)
self
.
assertIn
(
rule
,
cmd_list
)
rule
=
'%s FORWARD
100
0 -s %s -d %s -j ACCEPT'
%
(
base_cmd
,
other_ip
,
ip
)
rule
=
'%s FORWARD 0 -s %s -d %s -j ACCEPT'
%
(
base_cmd
,
other_ip
,
ip
)
self
.
assertIn
(
rule
,
cmd_list
)
self
.
assertIn
(
rule
,
cmd_list
)
# Check that there is INPUT/FORWARD REJECT on ip_list
# Check that there is INPUT/FORWARD REJECT on ip_list
...
@@ -2078,7 +2078,7 @@ class TestSlapgridCPWithFirewall(MasterMixin, unittest.TestCase):
...
@@ -2078,7 +2078,7 @@ class TestSlapgridCPWithFirewall(MasterMixin, unittest.TestCase):
computer
=
ComputerForTest
(
self
.
software_root
,
self
.
instance_root
)
computer
=
ComputerForTest
(
self
.
software_root
,
self
.
instance_root
)
self
.
setFirewallConfig
()
self
.
setFirewallConfig
()
# For simulate query rule success
# For simulate query rule success
self
.
grid
.
firewall_conf
[
'firewall_cmd'
]
=
'/bin/echo "
yes
" #'
self
.
grid
.
firewall_conf
[
'firewall_cmd'
]
=
'/bin/echo "
no
" #'
self
.
ip_address_list
=
computer
.
ip_address_list
self
.
ip_address_list
=
computer
.
ip_address_list
instance
=
computer
.
instance_list
[
0
]
instance
=
computer
.
instance_list
[
0
]
ip
=
instance
.
full_ip_list
[
0
][
1
]
ip
=
instance
.
full_ip_list
[
0
][
1
]
...
@@ -2099,12 +2099,14 @@ class TestSlapgridCPWithFirewall(MasterMixin, unittest.TestCase):
...
@@ -2099,12 +2099,14 @@ class TestSlapgridCPWithFirewall(MasterMixin, unittest.TestCase):
self
.
checkRuleFromIpSource
(
ip
,
[],
rules_list
)
self
.
checkRuleFromIpSource
(
ip
,
[],
rules_list
)
# Remove all rules
# Remove all rules
self
.
grid
.
firewall_conf
[
'firewall_cmd'
]
=
'/bin/echo "yes" #'
self
.
grid
.
_checkAddFirewallRules
(
name
,
cmd_list
,
add
=
False
)
self
.
grid
.
_checkAddFirewallRules
(
name
,
cmd_list
,
add
=
False
)
with
open
(
rules_path
,
'r'
)
as
frules
:
with
open
(
rules_path
,
'r'
)
as
frules
:
rules_list
=
json
.
loads
(
frules
.
read
())
rules_list
=
json
.
loads
(
frules
.
read
())
self
.
assertEqual
(
rules_list
,
[])
self
.
assertEqual
(
rules_list
,
[])
# Add one more ip in the authorized list
# Add one more ip in the authorized list
self
.
grid
.
firewall_conf
[
'firewall_cmd'
]
=
'/bin/echo "no" #'
self
.
ip_address_list
.
append
((
'interface1'
,
'10.0.8.7'
))
self
.
ip_address_list
.
append
((
'interface1'
,
'10.0.8.7'
))
cmd_list
=
self
.
grid
.
_getFirewallAcceptRules
(
ip
,
cmd_list
=
self
.
grid
.
_getFirewallAcceptRules
(
ip
,
[
elt
[
1
]
for
elt
in
self
.
ip_address_list
],
[
elt
[
1
]
for
elt
in
self
.
ip_address_list
],
...
@@ -2124,7 +2126,7 @@ class TestSlapgridCPWithFirewall(MasterMixin, unittest.TestCase):
...
@@ -2124,7 +2126,7 @@ class TestSlapgridCPWithFirewall(MasterMixin, unittest.TestCase):
slapgrid
.
SLAPGRID_SUCCESS
)
slapgrid
.
SLAPGRID_SUCCESS
)
self
.
assertFalse
(
os
.
path
.
exists
(
os
.
path
.
join
(
self
.
assertFalse
(
os
.
path
.
exists
(
os
.
path
.
join
(
instance
.
partition_path
,
instance
.
partition_path
,
'.slapos-firewalld-rules'
slapos
.
grid
.
SlapObject
.
Partition
.
partition_firewall_rules_name
)))
)))
def
test_partition_firewall_restrict
(
self
):
def
test_partition_firewall_restrict
(
self
):
...
@@ -2135,7 +2137,7 @@ class TestSlapgridCPWithFirewall(MasterMixin, unittest.TestCase):
...
@@ -2135,7 +2137,7 @@ class TestSlapgridCPWithFirewall(MasterMixin, unittest.TestCase):
self
.
assertEqual
(
self
.
grid
.
processComputerPartitionList
(),
slapgrid
.
SLAPGRID_SUCCESS
)
self
.
assertEqual
(
self
.
grid
.
processComputerPartitionList
(),
slapgrid
.
SLAPGRID_SUCCESS
)
self
.
assertTrue
(
os
.
path
.
exists
(
os
.
path
.
join
(
self
.
assertTrue
(
os
.
path
.
exists
(
os
.
path
.
join
(
instance
.
partition_path
,
instance
.
partition_path
,
'.slapos-firewalld-rules'
slapos
.
grid
.
SlapObject
.
Partition
.
partition_firewall_rules_name
)))
)))
rules_path
=
os
.
path
.
join
(
rules_path
=
os
.
path
.
join
(
instance
.
partition_path
,
instance
.
partition_path
,
...
@@ -2157,7 +2159,7 @@ class TestSlapgridCPWithFirewall(MasterMixin, unittest.TestCase):
...
@@ -2157,7 +2159,7 @@ class TestSlapgridCPWithFirewall(MasterMixin, unittest.TestCase):
self
.
assertEqual
(
self
.
grid
.
processComputerPartitionList
(),
slapgrid
.
SLAPGRID_SUCCESS
)
self
.
assertEqual
(
self
.
grid
.
processComputerPartitionList
(),
slapgrid
.
SLAPGRID_SUCCESS
)
self
.
assertTrue
(
os
.
path
.
exists
(
os
.
path
.
join
(
self
.
assertTrue
(
os
.
path
.
exists
(
os
.
path
.
join
(
instance
.
partition_path
,
instance
.
partition_path
,
'.slapos-firewalld-rules'
slapos
.
grid
.
SlapObject
.
Partition
.
partition_firewall_rules_name
)))
)))
rules_path
=
os
.
path
.
join
(
rules_path
=
os
.
path
.
join
(
instance
.
partition_path
,
instance
.
partition_path
,
...
@@ -2174,8 +2176,6 @@ class TestSlapgridCPWithFirewall(MasterMixin, unittest.TestCase):
...
@@ -2174,8 +2176,6 @@ class TestSlapgridCPWithFirewall(MasterMixin, unittest.TestCase):
def
test_partition_firewall_restricted_access_change
(
self
):
def
test_partition_firewall_restricted_access_change
(
self
):
computer
=
ComputerForTest
(
self
.
software_root
,
self
.
instance_root
)
computer
=
ComputerForTest
(
self
.
software_root
,
self
.
instance_root
)
self
.
setFirewallConfig
()
self
.
setFirewallConfig
()
# For simulate query rule success
self
.
grid
.
firewall_conf
[
'firewall_cmd'
]
=
'/bin/echo "yes" #'
with
httmock
.
HTTMock
(
computer
.
request_handler
):
with
httmock
.
HTTMock
(
computer
.
request_handler
):
instance
=
computer
.
instance_list
[
0
]
instance
=
computer
.
instance_list
[
0
]
instance
.
filter_dict
=
{
'fw_restricted_access'
:
'off'
,
instance
.
filter_dict
=
{
'fw_restricted_access'
:
'off'
,
...
@@ -2183,7 +2183,7 @@ class TestSlapgridCPWithFirewall(MasterMixin, unittest.TestCase):
...
@@ -2183,7 +2183,7 @@ class TestSlapgridCPWithFirewall(MasterMixin, unittest.TestCase):
self
.
assertEqual
(
self
.
grid
.
processComputerPartitionList
(),
slapgrid
.
SLAPGRID_SUCCESS
)
self
.
assertEqual
(
self
.
grid
.
processComputerPartitionList
(),
slapgrid
.
SLAPGRID_SUCCESS
)
self
.
assertTrue
(
os
.
path
.
exists
(
os
.
path
.
join
(
self
.
assertTrue
(
os
.
path
.
exists
(
os
.
path
.
join
(
instance
.
partition_path
,
instance
.
partition_path
,
'.slapos-firewalld-rules'
slapos
.
grid
.
SlapObject
.
Partition
.
partition_firewall_rules_name
)))
)))
rules_path
=
os
.
path
.
join
(
rules_path
=
os
.
path
.
join
(
instance
.
partition_path
,
instance
.
partition_path
,
...
@@ -2196,6 +2196,8 @@ class TestSlapgridCPWithFirewall(MasterMixin, unittest.TestCase):
...
@@ -2196,6 +2196,8 @@ class TestSlapgridCPWithFirewall(MasterMixin, unittest.TestCase):
ip
=
instance
.
full_ip_list
[
0
][
1
]
ip
=
instance
.
full_ip_list
[
0
][
1
]
self
.
checkRuleFromIpSourceReject
(
ip
,
[
'10.0.8.11'
],
rules_list
)
self
.
checkRuleFromIpSourceReject
(
ip
,
[
'10.0.8.11'
],
rules_list
)
# For remove rules
self
.
grid
.
firewall_conf
[
'firewall_cmd'
]
=
'/bin/echo "yes" #'
instance
.
setFilterParameter
({
'fw_restricted_access'
:
'on'
,
instance
.
setFilterParameter
({
'fw_restricted_access'
:
'on'
,
'fw_authorized_sources'
:
''
})
'fw_authorized_sources'
:
''
})
self
.
assertEqual
(
self
.
grid
.
processComputerPartitionList
(),
slapgrid
.
SLAPGRID_SUCCESS
)
self
.
assertEqual
(
self
.
grid
.
processComputerPartitionList
(),
slapgrid
.
SLAPGRID_SUCCESS
)
...
@@ -2217,7 +2219,7 @@ class TestSlapgridCPWithFirewall(MasterMixin, unittest.TestCase):
...
@@ -2217,7 +2219,7 @@ class TestSlapgridCPWithFirewall(MasterMixin, unittest.TestCase):
self
.
assertEqual
(
self
.
grid
.
processComputerPartitionList
(),
slapgrid
.
SLAPGRID_SUCCESS
)
self
.
assertEqual
(
self
.
grid
.
processComputerPartitionList
(),
slapgrid
.
SLAPGRID_SUCCESS
)
self
.
assertTrue
(
os
.
path
.
exists
(
os
.
path
.
join
(
self
.
assertTrue
(
os
.
path
.
exists
(
os
.
path
.
join
(
instance
.
partition_path
,
instance
.
partition_path
,
'.slapos-firewalld-rules'
slapos
.
grid
.
SlapObject
.
Partition
.
partition_firewall_rules_name
)))
)))
rules_path
=
os
.
path
.
join
(
rules_path
=
os
.
path
.
join
(
instance
.
partition_path
,
instance
.
partition_path
,
...
@@ -2226,7 +2228,7 @@ class TestSlapgridCPWithFirewall(MasterMixin, unittest.TestCase):
...
@@ -2226,7 +2228,7 @@ class TestSlapgridCPWithFirewall(MasterMixin, unittest.TestCase):
rules_list
=
[]
rules_list
=
[]
self
.
ip_address_list
=
computer
.
ip_address_list
self
.
ip_address_list
=
computer
.
ip_address_list
ip
=
instance
.
full_ip_list
[
0
][
1
]
ip
=
instance
.
full_ip_list
[
0
][
1
]
base_cmd
=
'
%s --permanent --direct --add-rule ipv4 filter'
%
self
.
grid
.
firewall_conf
[
'firewall_cmd'
]
base_cmd
=
'
--permanent --direct --add-rule ipv4 filter'
with
open
(
rules_path
,
'r'
)
as
frules
:
with
open
(
rules_path
,
'r'
)
as
frules
:
rules_list
=
json
.
loads
(
frules
.
read
())
rules_list
=
json
.
loads
(
frules
.
read
())
...
@@ -2252,7 +2254,7 @@ class TestSlapgridCPWithFirewall(MasterMixin, unittest.TestCase):
...
@@ -2252,7 +2254,7 @@ class TestSlapgridCPWithFirewall(MasterMixin, unittest.TestCase):
self
.
assertEqual
(
self
.
grid
.
processComputerPartitionList
(),
slapgrid
.
SLAPGRID_SUCCESS
)
self
.
assertEqual
(
self
.
grid
.
processComputerPartitionList
(),
slapgrid
.
SLAPGRID_SUCCESS
)
self
.
assertTrue
(
os
.
path
.
exists
(
os
.
path
.
join
(
self
.
assertTrue
(
os
.
path
.
exists
(
os
.
path
.
join
(
instance
.
partition_path
,
instance
.
partition_path
,
'.slapos-firewalld-rules'
slapos
.
grid
.
SlapObject
.
Partition
.
partition_firewall_rules_name
)))
)))
rules_path
=
os
.
path
.
join
(
rules_path
=
os
.
path
.
join
(
instance
.
partition_path
,
instance
.
partition_path
,
...
@@ -2262,7 +2264,7 @@ class TestSlapgridCPWithFirewall(MasterMixin, unittest.TestCase):
...
@@ -2262,7 +2264,7 @@ class TestSlapgridCPWithFirewall(MasterMixin, unittest.TestCase):
self
.
ip_address_list
=
computer
.
ip_address_list
self
.
ip_address_list
=
computer
.
ip_address_list
self
.
ip_address_list
.
append
((
'iface'
,
'10.0.8.15'
))
self
.
ip_address_list
.
append
((
'iface'
,
'10.0.8.15'
))
ip
=
instance
.
full_ip_list
[
0
][
1
]
ip
=
instance
.
full_ip_list
[
0
][
1
]
base_cmd
=
'
%s --permanent --direct --add-rule ipv4 filter'
%
self
.
grid
.
firewall_conf
[
'firewall_cmd'
]
base_cmd
=
'
--permanent --direct --add-rule ipv4 filter'
with
open
(
rules_path
,
'r'
)
as
frules
:
with
open
(
rules_path
,
'r'
)
as
frules
:
rules_list
=
json
.
loads
(
frules
.
read
())
rules_list
=
json
.
loads
(
frules
.
read
())
...
@@ -2271,8 +2273,6 @@ class TestSlapgridCPWithFirewall(MasterMixin, unittest.TestCase):
...
@@ -2271,8 +2273,6 @@ class TestSlapgridCPWithFirewall(MasterMixin, unittest.TestCase):
def
test_partition_firewall_ip_change
(
self
):
def
test_partition_firewall_ip_change
(
self
):
computer
=
ComputerForTest
(
self
.
software_root
,
self
.
instance_root
)
computer
=
ComputerForTest
(
self
.
software_root
,
self
.
instance_root
)
self
.
setFirewallConfig
()
self
.
setFirewallConfig
()
# For simulate query rule success
self
.
grid
.
firewall_conf
[
'firewall_cmd'
]
=
'/bin/echo "yes" #'
source_ip
=
[
'10.0.8.10'
,
'10.0.8.11'
]
source_ip
=
[
'10.0.8.10'
,
'10.0.8.11'
]
self
.
grid
.
firewall_conf
[
'authorized_sources'
]
=
[
source_ip
[
0
]]
self
.
grid
.
firewall_conf
[
'authorized_sources'
]
=
[
source_ip
[
0
]]
with
httmock
.
HTTMock
(
computer
.
request_handler
):
with
httmock
.
HTTMock
(
computer
.
request_handler
):
...
@@ -2282,7 +2282,7 @@ class TestSlapgridCPWithFirewall(MasterMixin, unittest.TestCase):
...
@@ -2282,7 +2282,7 @@ class TestSlapgridCPWithFirewall(MasterMixin, unittest.TestCase):
self
.
assertEqual
(
self
.
grid
.
processComputerPartitionList
(),
slapgrid
.
SLAPGRID_SUCCESS
)
self
.
assertEqual
(
self
.
grid
.
processComputerPartitionList
(),
slapgrid
.
SLAPGRID_SUCCESS
)
self
.
assertTrue
(
os
.
path
.
exists
(
os
.
path
.
join
(
self
.
assertTrue
(
os
.
path
.
exists
(
os
.
path
.
join
(
instance
.
partition_path
,
instance
.
partition_path
,
'.slapos-firewalld-rules'
slapos
.
grid
.
SlapObject
.
Partition
.
partition_firewall_rules_name
)))
)))
rules_path
=
os
.
path
.
join
(
rules_path
=
os
.
path
.
join
(
instance
.
partition_path
,
instance
.
partition_path
,
...
@@ -2300,6 +2300,8 @@ class TestSlapgridCPWithFirewall(MasterMixin, unittest.TestCase):
...
@@ -2300,6 +2300,8 @@ class TestSlapgridCPWithFirewall(MasterMixin, unittest.TestCase):
#instance.filter_dict = {'fw_restricted_access': 'on',
#instance.filter_dict = {'fw_restricted_access': 'on',
# 'fw_authorized_sources': source_ip[0]}
# 'fw_authorized_sources': source_ip[0]}
# For simulate query rule exist
self
.
grid
.
firewall_conf
[
'firewall_cmd'
]
=
'/bin/echo "yes" #'
self
.
grid
.
firewall_conf
[
'authorized_sources'
]
=
[]
self
.
grid
.
firewall_conf
[
'authorized_sources'
]
=
[]
computer
.
ip_address_list
.
append
((
'route_interface1'
,
'10.10.8.4'
))
computer
.
ip_address_list
.
append
((
'route_interface1'
,
'10.10.8.4'
))
self
.
assertEqual
(
self
.
grid
.
processComputerPartitionList
(),
slapgrid
.
SLAPGRID_SUCCESS
)
self
.
assertEqual
(
self
.
grid
.
processComputerPartitionList
(),
slapgrid
.
SLAPGRID_SUCCESS
)
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment