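def _test__iptables_args(self, expected_port):
    """Check the ordered ``_iptables`` calls made by a single sync.

    A fresh driver is built and its ``_iptables`` method is replaced by a
    mock, so every call is recorded and can be compared, in order, with
    the sequence below. The expected temporary chain holds only a
    catch-all ACCEPT rule.

    :param expected_port: value expected after ``--dport`` in the INPUT
        rules; supplied by the calling test.
    """
    self.driver = iptables.IptablesFilter()
    self.mock_iptables = self.useFixture(
        fixtures.MockPatchObject(self.driver, '_iptables')).mock
    self.mock_should_enable_dhcp.return_value = True

    new_chain = self.driver.new_chain
    chain = self.driver.chain
    # Match part shared by every rule that touches the INPUT chain.
    input_match = ('INPUT', '-i', 'br-ctlplane', '-p', 'udp',
                   '--dport', expected_port, '-j')
    expected_calls = [
        # Remove leftovers of the temporary chain, then recreate it.
        ('-D',) + input_match + (new_chain,),
        ('-F', new_chain),
        ('-X', new_chain),
        ('-N', new_chain),
        # Only rule in the chain: accept everything.
        ('-A', new_chain, '-j', 'ACCEPT'),
        # Hook the temporary chain in, drop the old one, rename.
        ('-I',) + input_match + (new_chain,),
        ('-D',) + input_match + (chain,),
        ('-F', chain),
        ('-X', chain),
        ('-E', new_chain, chain),
    ]

    self.driver.sync(self.mock_ironic)

    recorded = self.mock_iptables.call_args_list
    # zip() stops at the shorter sequence. Without this lower bound a sync
    # that issued too few commands (or none) would pass without the
    # missing firewall rules ever being compared. Calls recorded beyond
    # the expected list are still not inspected.
    self.assertGreaterEqual(len(recorded), len(expected_calls))
    for wanted, call in zip(expected_calls, recorded):
        # call[0] is the positional-argument tuple of the recorded call.
        self.assertEqual(wanted, call[0])
    self.mock_get_inactive_macs.assert_called_once_with(self.mock_ironic)
    self.check_fsm([pxe_filter.Events.sync])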
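def _test__iptables_clean_cache_on_error(self, expected_port):
    """Check that a failed sync does not leave a stale rule cache behind.

    The first sync is made to fail on its third ``_iptables`` call and
    must raise ``RuntimeError`` and emit a reset event. The second sync,
    with the same inactive MAC, must then issue the full command sequence
    again, including the per-MAC DROP rule, rather than being skipped as
    an unchanged state.

    :param expected_port: value expected after ``--dport`` in the INPUT
        rules; supplied by the calling test.
    """
    self.driver = iptables.IptablesFilter()
    self.mock_iptables = self.useFixture(
        fixtures.MockPatchObject(self.driver, '_iptables')).mock
    inactive_mac = 'AA:BB:CC:DD:EE:FF'
    self.mock_get_inactive_macs.return_value = [inactive_mac]
    self.mock_should_enable_dhcp.return_value = True
    # Third call raises; the six trailing entries let later calls succeed
    # (presumably the clean-up done while the driver resets - confirm
    # against the driver).
    self.mock_iptables.side_effect = (
        [None, None, RuntimeError('Oops!')] + [None] * 6)

    self.assertRaises(RuntimeError, self.driver.sync, self.mock_ironic)
    self.check_fsm([pxe_filter.Events.sync, pxe_filter.Events.reset])
    self.mock_get_inactive_macs.assert_called_once_with(self.mock_ironic)

    # check caching
    new_chain = self.driver.new_chain
    chain = self.driver.chain
    input_match = ('INPUT', '-i', 'br-ctlplane', '-p', 'udp',
                   '--dport', expected_port, '-j')
    syncs_expected_args = [
        # driver reset
        ('-D',) + input_match + (new_chain,),
        ('-F', new_chain),
        ('-X', new_chain),
        ('-N', new_chain),
        # deny
        ('-A', new_chain, '-m', 'mac', '--mac-source', inactive_mac,
         '-j', 'DROP'),
        ('-A', new_chain, '-j', 'ACCEPT'),
        ('-I',) + input_match + (new_chain,),
        ('-D',) + input_match + (chain,),
        ('-F', chain),
        ('-X', chain),
        ('-E', new_chain, chain),
    ]

    # Start the second sync from clean mocks and without the injected error.
    self.mock_iptables.reset_mock()
    self.mock_iptables.side_effect = None
    self.mock_get_inactive_macs.reset_mock()
    self.mock_fsm.reset_mock()

    self.driver.sync(self.mock_ironic)
    self.check_fsm([pxe_filter.Events.sync])

    recorded = self.mock_iptables.call_args_list
    # zip() stops at the shorter sequence. If the cache had survived the
    # failure and the second sync issued no commands, the loop below
    # would run zero times and the test would pass without verifying
    # that the DROP rule was re-applied.
    self.assertGreaterEqual(len(recorded), len(syncs_expected_args))
    for idx, (args, call) in enumerate(zip(syncs_expected_args, recorded)):
        self.assertEqual(args, call[0], 'idx: %s' % idx)
    self.mock_get_inactive_macs.assert_called_once_with(self.mock_ironic)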
def setUp(self):
    """Build a driver under test with its collaborators replaced by mocks.

    Patches the driver's ``fsm``, ``iptables.subprocess.check_call``, the
    instance's ``_iptables`` method and the module helpers
    ``_should_enable_dhcp`` and ``_get_blacklist`` (which returns an empty
    list by default).
    """
    super(TestIptablesDriver, self).setUp()
    CONF.set_override('rootwrap_config', '/some/fake/path')

    def install_mock(target, attribute):
        # Patch ``attribute`` on ``target`` through a fixture and return
        # the mock that stands in for it.
        patcher = fixtures.MockPatchObject(target, attribute)
        return self.useFixture(patcher).mock

    # NOTE(milan) we ignore the state checking in order to avoid having to
    # always call e.g self.driver.init_filter() to set proper driver state
    self.mock_fsm = install_mock(iptables.IptablesFilter, 'fsm')
    self.mock_call = install_mock(iptables.subprocess, 'check_call')

    # The driver is created only after the class-level patches are active.
    self.driver = iptables.IptablesFilter()
    self.mock_iptables = install_mock(self.driver, '_iptables')

    self.mock_should_enable_dhcp = install_mock(
        iptables, '_should_enable_dhcp')
    self.mock__get_blacklist = install_mock(iptables, '_get_blacklist')
    self.mock__get_blacklist.return_value = []

    self.mock_ironic = mock.Mock()
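def _test_sync_with_allowlist(self, expected_port):
    """Check the rules produced when ``deny_unknown_macs`` is enabled.

    With the option set, the expected chain accepts the one active MAC
    and ends with a catch-all DROP; no rule is expected for the inactive
    MAC. A second sync with unchanged data must issue no ``_iptables``
    call at all.

    :param expected_port: value expected after ``--dport`` in the INPUT
        rules; supplied by the calling test.
    """
    CONF.set_override('deny_unknown_macs', True, 'pxe_filter')
    self.driver = iptables.IptablesFilter()
    self.mock_iptables = self.useFixture(
        fixtures.MockPatchObject(self.driver, '_iptables')).mock
    active_mac = 'AA:BB:CC:DD:EE:FF'
    self.mock_get_active_macs.return_value = [active_mac]
    self.mock_get_inactive_macs.return_value = ['FF:EE:DD:CC:BB:AA']
    self.mock_should_enable_dhcp.return_value = True

    new_chain = self.driver.new_chain
    chain = self.driver.chain
    input_match = ('INPUT', '-i', 'br-ctlplane', '-p', 'udp',
                   '--dport', expected_port, '-j')
    expected_calls = [
        ('-D',) + input_match + (new_chain,),
        ('-F', new_chain),
        ('-X', new_chain),
        ('-N', new_chain),
        # allow the known-active MAC, then drop everything else
        ('-A', new_chain, '-m', 'mac', '--mac-source', active_mac,
         '-j', 'ACCEPT'),
        ('-A', new_chain, '-j', 'DROP'),
        ('-I',) + input_match + (new_chain,),
        ('-D',) + input_match + (chain,),
        ('-F', chain),
        ('-X', chain),
        ('-E', new_chain, chain),
    ]

    self.driver.sync(self.mock_ironic)
    self.check_fsm([pxe_filter.Events.sync])

    recorded = self.mock_iptables.call_args_list
    # zip() stops at the shorter sequence. Without this lower bound a sync
    # that never appended the final DROP rule (or issued no commands)
    # would pass without that rule being compared. Calls recorded beyond
    # the expected list are still not inspected.
    self.assertGreaterEqual(len(recorded), len(expected_calls))
    for wanted, call in zip(expected_calls, recorded):
        self.assertEqual(wanted, call[0])
    self.mock_get_active_macs.assert_called_once_with(self.mock_ironic)

    # check caching
    self.mock_iptables.reset_mock()
    self.mock_get_active_macs.reset_mock()
    self.driver.sync(self.mock_ironic)
    self.mock_get_active_macs.assert_called_once_with(self.mock_ironic)
    self.assertFalse(self.mock_iptables.called)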
def setUp(self):
    """Build a driver under test with its collaborators replaced by mocks.

    Patches the driver's ``fsm``, ``iptables.processutils.execute``, the
    instance's ``_iptables`` method, ``iptables._should_enable_dhcp`` and
    the ``pxe_filter`` MAC lookups, which return empty sets by default.
    The fake ironic client reports no ports.
    """
    super(TestIptablesDriver, self).setUp()
    CONF.set_override('rootwrap_config', '/some/fake/path')

    def install_mock(target, attribute):
        # Patch ``attribute`` on ``target`` through a fixture and return
        # the mock that stands in for it.
        patcher = fixtures.MockPatchObject(target, attribute)
        return self.useFixture(patcher).mock

    # NOTE(milan) we ignore the state checking in order to avoid having to
    # always call e.g self.driver.init_filter() to set proper driver state
    self.mock_fsm = install_mock(iptables.IptablesFilter, 'fsm')
    self.mock_call = install_mock(iptables.processutils, 'execute')

    # The driver is created only after the class-level patches are active.
    self.driver = iptables.IptablesFilter()
    self.mock_iptables = install_mock(self.driver, '_iptables')

    self.mock_should_enable_dhcp = install_mock(
        iptables, '_should_enable_dhcp')

    self.mock_get_inactive_macs = install_mock(
        pxe_filter, 'get_inactive_macs')
    self.mock_get_inactive_macs.return_value = set()

    self.mock_get_active_macs = install_mock(pxe_filter, 'get_active_macs')
    self.mock_get_active_macs.return_value = set()

    self.mock_ironic = mock.Mock()
    self.mock_ironic.ports.return_value = []
def test_iptables_command_ipv6(self):
    # With ip_version in the [iptables] group overridden to '6', a newly
    # constructed driver must report 'ip6tables' as its command name.
    CONF.set_override('ip_version', '6', group='iptables')
    ipv6_driver = iptables.IptablesFilter()
    self.assertEqual(ipv6_driver._cmd_iptables, 'ip6tables')