def test_flat_override(self):
    """Check that the flat_interface flag wins over bridge_interface.

    plug() is called twice on the same network: once with the flag
    unset, where the network's own bridge_interface must reach
    ensure_bridge, and once with flat_interface set, where the flag
    value must be passed instead.  Regression test for bug 833426
    (heterogeneous networks).
    """
    bridge_driver = linux_net.LinuxBridgeInterfaceDriver()

    # ensure_bridge is replaced on the class so no real bridge is touched;
    # the stub only records which interface plug() handed over.
    captured = {}

    @staticmethod
    def record_ensure(bridge, interface, network, gateway):
        captured['passed_interface'] = interface

    self.stubs.Set(linux_net.LinuxBridgeInterfaceDriver,
                   'ensure_bridge', record_ensure)

    flat_network = dict(
        bridge="br100",
        bridge_interface="base_interface",
        share_address=False,
    )

    # Flag unset: the interface comes from the network definition.
    bridge_driver.plug(flat_network, "fakemac")
    self.assertEqual(captured['passed_interface'], "base_interface")

    # Flag set: the host-level override must take precedence.
    self.flags(flat_interface="override_interface")
    bridge_driver.plug(flat_network, "fakemac")
    self.assertEqual(captured['passed_interface'], "override_interface")
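def test_ensure_bridge_brings_up_interface(self):
    """Check the commands ensure_bridge runs when the bridge exists.

    With device_exists patched to report True, ensure_bridge('bridge',
    'eth0') is expected to look up the bridge once and then call
    _execute, in order, to add eth0 to the bridge, bring the link up and
    read the routes and global addresses of eth0.

    The first two commands are pinned as run_as_root=True with
    check_exit_code=False, so a regression that changes the privilege or
    the exit-code handling of those calls fails this test.
    """
    expected_lookups = [mock.call('bridge')]
    expected_commands = [
        mock.call('brctl', 'addif', 'bridge', 'eth0',
                  run_as_root=True, check_exit_code=False),
        mock.call('ip', 'link', 'set', 'eth0', 'up',
                  run_as_root=True, check_exit_code=False),
        mock.call('ip', 'route', 'show', 'dev', 'eth0'),
        mock.call('ip', 'addr', 'show', 'dev', 'eth0', 'scope', 'global'),
    ]

    # Nested ``with`` blocks are used because contextlib.nested is
    # deprecated in Python 2.7 and does not exist in Python 3.
    with mock.patch.object(linux_net, 'device_exists',
                           return_value=True) as device_exists:
        with mock.patch.object(linux_net, '_execute',
                               return_value=('', '')) as _execute:
            driver = linux_net.LinuxBridgeInterfaceDriver()
            driver.ensure_bridge('bridge', 'eth0')
            device_exists.assert_has_calls(expected_lookups)
            _execute.assert_has_calls(expected_commands)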
def test_vlan_override(self):
    """Check that the vlan_interface flag wins over bridge_interface.

    With vlan_interface set to the empty string, plug() must pass the
    network's own bridge_interface to ensure_vlan_bridge; with the flag
    set, the flag value must be passed instead.  Regression test for
    bug 833426 (heterogeneous networks).
    """
    vlan_driver = linux_net.LinuxBridgeInterfaceDriver()

    # The stub replaces ensure_vlan_bridge on the class and records the
    # interface argument it receives from plug().
    captured = {}

    @staticmethod
    def record_ensure(vlan, bridge, interface, network, mac_address):
        captured['passed_interface'] = interface

    self.stubs.Set(linux_net.LinuxBridgeInterfaceDriver,
                   'ensure_vlan_bridge', record_ensure)

    vlan_network = dict(
        bridge="br100",
        bridge_interface="base_interface",
        vlan="fake",
    )

    # (flag value, interface expected at ensure_vlan_bridge)
    scenarios = (
        ("", "base_interface"),
        ("override_interface", "override_interface"),
    )
    for flag_value, wanted in scenarios:
        self.flags(vlan_interface=flag_value)
        vlan_driver.plug(vlan_network, "fakemac")
        self.assertEqual(captured['passed_interface'], wanted)

    # NOTE(review): nothing is asserted after this final plug; it only
    # shows that a repeated plug with the override set does not raise.
    vlan_driver.plug(vlan_network, "fakemac")
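def test_ensure_bridge_brclt_addif_exception(self):
    """Check that a failing ``brctl addif`` raises NovaException.

    The replacement _execute returns a non-empty second element
    (presumably stderr) for the addif command only.  ensure_bridge must
    turn that into a NovaException instead of carrying on with an
    interface that was never attached, and must have looked up the
    bridge exactly once.
    """
    failing_command = ('brctl', 'addif', 'bridge', 'eth0')

    def fake_execute(*cmd, **kwargs):
        # Only the addif call reports an error; every other command
        # returns two empty strings.
        error_text = 'some error happens' if cmd == failing_command else ''
        return ('', error_text)

    # Nested ``with`` blocks are used because contextlib.nested is
    # deprecated in Python 2.7 and does not exist in Python 3.
    with mock.patch.object(linux_net, 'device_exists',
                           return_value=True) as device_exists:
        with mock.patch.object(linux_net, '_execute', fake_execute):
            driver = linux_net.LinuxBridgeInterfaceDriver()
            self.assertRaises(exception.NovaException,
                              driver.ensure_bridge, 'bridge', 'eth0')
            device_exists.assert_called_once_with('bridge')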
def test_linux_bridge_driver_plug(self):
    """Guard against plug() dropping FORWARD traffic by default.

    Regression test for bug 890195.  Every rule that plug() adds to the
    IPv4 filter table must name the FORWARD chain and contain ACCEPT.
    """
    # No command is really run: execute always returns two empty strings.
    self.stubs.Set(utils, 'execute', lambda *args, **kwargs: ("", ""))

    def verify_add_rule(chain, rule):
        # NOTE(review): these checks only fire if plug() actually calls
        # add_rule; if it never does, the test passes without checking
        # anything -- confirm that a call is guaranteed on this path.
        self.assertEqual(chain, 'FORWARD')
        self.assertIn('ACCEPT', rule)

    ipv4_filter = linux_net.iptables_manager.ipv4['filter']
    self.stubs.Set(ipv4_filter, 'add_rule', verify_add_rule)

    bridge_driver = linux_net.LinuxBridgeInterfaceDriver()
    plugged_network = {"bridge": "br100", "bridge_interface": "eth0"}
    bridge_driver.plug(plugged_network, "fakemac")
def test_isolated_host(self):
    """Check the ebtables isolation rules set on plug and cleared on unplug.

    With share_dhcp_address enabled, plug() is expected to issue ebtables
    DROP rules on the bridge interface for:

    * ARP arriving on the interface for the DHCP server address,
    * ARP leaving the interface from the DHCP server address,
    * IPv4 UDP traffic to ports 67:68 forwarded in or out of the
      interface.

    Each rule is deleted (-D) and then inserted (-I), followed by an
    iptables/ip6tables save and restore.  unplug() must delete the same
    four rules and run nothing else.  The exact command order is part of
    what is asserted.
    """
    self.flags(fake_network=False, share_dhcp_address=True)
    # NOTE(vish): use a fresh copy of the manager for each test
    self.stubs.Set(linux_net, 'iptables_manager', linux_net.IptablesManager())
    self.stubs.Set(linux_net, 'binary_name', 'test')

    # Every command the driver tries to run is recorded here, in order.
    issued = []

    def fake_execute(*args, **kwargs):
        issued.append(args)
        return "", ""

    self.stubs.Set(utils, 'execute', fake_execute)

    driver = linux_net.LinuxBridgeInterfaceDriver()

    @staticmethod
    def fake_ensure(bridge, interface, network, gateway):
        return bridge

    self.stubs.Set(linux_net.LinuxBridgeInterfaceDriver,
                   'ensure_bridge', fake_ensure)

    iface = 'eth0'
    dhcp = '192.168.1.1'
    network = {
        'dhcp_server': dhcp,
        'share_address': False,
        'bridge': 'br100',
        'bridge_interface': iface,
    }

    # Rule bodies without the leading "ebtables -t filter <action>".
    dhcp_ports = ('--ip-protocol', 'udp',
                  '--ip-destination-port', '67:68', '-j', 'DROP')
    isolation_rules = (
        ('INPUT', '-p', 'ARP', '-i', iface,
         '--arp-ip-dst', dhcp, '-j', 'DROP'),
        ('OUTPUT', '-p', 'ARP', '-o', iface,
         '--arp-ip-src', dhcp, '-j', 'DROP'),
        ('FORWARD', '-p', 'IPv4', '-i', iface) + dhcp_ports,
        ('FORWARD', '-p', 'IPv4', '-o', iface) + dhcp_ports,
    )

    def ebtables(action, rule):
        return ('ebtables', '-t', 'filter', action) + rule

    driver.plug(network, 'fakemac')

    # On plug each rule is removed first and then inserted.
    expected = []
    for rule in isolation_rules:
        expected.append(ebtables('-D', rule))
        expected.append(ebtables('-I', rule))
    expected.extend([
        ('iptables-save', '-c'),
        ('iptables-restore', '-c'),
        ('ip6tables-save', '-c'),
        ('ip6tables-restore', '-c'),
    ])
    self.assertEqual(issued, expected)

    # Start recording afresh for the unplug half of the test.
    del issued[:]

    @staticmethod
    def fake_remove(bridge, gateway):
        return None

    self.stubs.Set(linux_net.LinuxBridgeInterfaceDriver,
                   'remove_bridge', fake_remove)

    driver.unplug(network)

    # On unplug every isolation rule must be deleted, with no re-insert.
    expected = [ebtables('-D', rule) for rule in isolation_rules]
    self.assertEqual(issued, expected)
def test_isolated_host_iptables_logdrop(self):
    """Check that iptables_drop_action does not leak into ebtables rules.

    With iptables_drop_action='LOGDROP', the physdev FORWARD rules fed
    to the first command that receives process_input must jump to
    LOGDROP, while the ebtables ARP rules for the DHCP server address
    must still jump to DROP.  After unplug() the ebtables rules are
    deleted and the LOGDROP rules must be absent from the first
    process_input captured during unplug.
    """
    self.flags(fake_network=False, share_dhcp_address=True,
               iptables_drop_action='LOGDROP')

    # NOTE(vish): use a fresh copy of the manager for each test
    self.stubs.Set(linux_net, 'iptables_manager', linux_net.IptablesManager())
    self.stubs.Set(linux_net, 'binary_name', 'test')

    # Commands are recorded in ``issued``; any non-empty process_input
    # passed along with a command is recorded in ``payloads``.
    issued = []
    payloads = []

    def fake_execute(*args, **kwargs):
        issued.append(args)
        process_input = kwargs.get('process_input')
        if process_input:
            payloads.append(process_input)
        return "", ""

    self.stubs.Set(utils, 'execute', fake_execute)

    driver = linux_net.LinuxBridgeInterfaceDriver()

    @staticmethod
    def fake_ensure(bridge, interface, network, gateway):
        return bridge

    self.stubs.Set(linux_net.LinuxBridgeInterfaceDriver,
                   'ensure_bridge', fake_ensure)

    iface = 'eth0'
    dhcp = '192.168.1.1'
    network = {
        'dhcp_server': dhcp,
        'bridge': 'br100',
        'bridge_interface': iface,
    }

    # Rule bodies without the leading "ebtables -t filter <action>".
    arp_rules = (
        ('INPUT', '-p', 'ARP', '-i', iface,
         '--arp-ip-dst', dhcp, '-j', 'DROP'),
        ('OUTPUT', '-p', 'ARP', '-o', iface,
         '--arp-ip-src', dhcp, '-j', 'DROP'),
    )
    save_and_restore = [
        ('iptables-save', '-c'),
        ('iptables-restore', '-c'),
        ('ip6tables-save', '-c'),
        ('ip6tables-restore', '-c'),
    ]

    def ebtables(action, rule):
        return ('ebtables', '-t', 'filter', action) + rule

    driver.plug(network, 'fakemac')

    # ebtables keeps DROP: delete-then-insert per rule, then the
    # iptables and ip6tables save/restore round trip.
    expected = [ebtables(action, rule)
                for rule in arp_rules
                for action in ('-D', '-I')]
    expected += save_and_restore
    self.assertEqual(issued, expected)

    # iptables rules use the configured LOGDROP action.  The "test-"
    # chain prefix presumably comes from the stubbed binary_name.
    logdrop_templates = (
        '-A test-FORWARD -m physdev --physdev-in %s '
        '-d 255.255.255.255 -p udp --dport 67 -j LOGDROP',
        '-A test-FORWARD -m physdev --physdev-out %s '
        '-d 255.255.255.255 -p udp --dport 67 -j LOGDROP',
        '-A test-FORWARD -m physdev --physdev-in %s '
        '-d 192.168.1.1 -j LOGDROP',
        '-A test-FORWARD -m physdev --physdev-out %s '
        '-s 192.168.1.1 -j LOGDROP',
    )
    expected_inputs = [template % iface for template in logdrop_templates]
    for inp in expected_inputs:
        self.assertIn(inp, payloads[0])

    # Start recording afresh for the unplug half of the test.
    del issued[:]
    del payloads[:]

    @staticmethod
    def fake_remove(bridge, gateway):
        return None

    self.stubs.Set(linux_net.LinuxBridgeInterfaceDriver,
                   'remove_bridge', fake_remove)

    driver.unplug(network)

    expected = [ebtables('-D', rule) for rule in arp_rules]
    expected += save_and_restore
    self.assertEqual(issued, expected)

    # The LOGDROP rules must no longer be part of the restored ruleset.
    for inp in expected_inputs:
        self.assertNotIn(inp, payloads[0])