def setUp(self): super(BaseTestFC.BaseTestFirewallControl, self).setUp() mock.patch.object( util, 'platform_info', util.PlatformInfo('Linux', 'CentOS', 0.0, self.el_version, 0.0, 0, '')).start() self.test_firewall = FirewallControl.create() # Guaranteed cleanup with unittest2 self.addCleanup(mock.patch.stopall)
def open_firewall(port, address, proto, description, persist): firewall_control = FirewallControl.create() return agent_ok_or_error( firewall_control.add_rule(port, proto, description, persist, address))
from chroma_core.lib.util import CommandLine, CommandError from iml_common.lib.ntp import NTPConfig from iml_common.lib.firewall_control import FirewallControl from iml_common.lib.service_control import ServiceControl, ServiceControlEL7 from iml_common.lib.util import wait_for_result log = logging.getLogger("installation") try: # python2.7 log.addHandler(logging.StreamHandler(stream=sys.stdout)) except TypeError: # python2.6 log.addHandler(logging.StreamHandler(strm=sys.stdout)) log.setLevel(logging.INFO) firewall_control = FirewallControl.create() class ServiceConfig(CommandLine): REQUIRED_DB_SPACE_GB = 100 bytes_in_gigabytes = 1073741824 def __init__(self): self.verbose = False @staticmethod def _check_name_resolution(): """ Check: * that the hostname is not localhost * that the FQDN can be looked up from hostname
from netaddr import IPNetwork, IPAddress from netaddr.core import AddrFormatError from urlparse import urljoin from chroma_agent import config from chroma_agent.lib import node_admin from chroma_agent.lib.shell import AgentShell from chroma_agent.log import console_log from iml_common.lib.firewall_control import FirewallControl from iml_common.lib.service_control import ServiceControl from chroma_agent.lib import networking from chroma_agent.lib.talker_thread import TalkerThread env = Environment(loader=PackageLoader('chroma_agent', 'templates')) firewall_control = FirewallControl.create(logger=console_log) # Used to make noise on ring1 to enable corosync detection. talker_thread = None class RingDetectionError(Exception): pass def get_all_interfaces(): import ethtool # Not sure how robust this will be; need to test with real gear. # In theory, should do the job to exclude IPoIB and lo interfaces. hwaddr_blacklist = ['00:00:00:00:00:00', '80:00:00:48:fe:80'] eth_interfaces = []
class BaseTestFirewallControl(CommandCaptureTestCase): """ Abstract base class for testing the FirewallControl class """ __metaclass__ = abc.ABCMeta # class variables port = '88' proto = 'tcp' desc = 'test service' address = '192.168.1.100' # create example named tuple to compare with objects in rules list example_port_rule = FirewallControl.FirewallRule(port, proto, desc, persist=True, address=None) example_address_rule = FirewallControl.FirewallRule(0, proto, desc, persist=False, address=address) # base expected error strings assert_address_with_port_msg = 'ing a specific port on a source address is not ' \ 'supported, port value must be 0 (ANY)' assert_address_persist_msg = 'ing all ports on a source address permanently is not ' \ 'currently supported' assert_port_not_persist_msg = 'ing a single port temporarily is not currently supported' def init_firewall(self, el_version): self.el_version = el_version def setUp(self): super(BaseTestFC.BaseTestFirewallControl, self).setUp() mock.patch.object( util, 'platform_info', util.PlatformInfo('Linux', 'CentOS', 0.0, self.el_version, 0.0, 0, '')).start() self.test_firewall = FirewallControl.create() # Guaranteed cleanup with unittest2 self.addCleanup(mock.patch.stopall) def test_open_address_incorrect_port(self): # test opening a given port on a specific address, AssertionError should be # thrown and no commands issued try: self.test_firewall.add_rule(1234, self.proto, self.desc, persist=True, address=self.address) # shouldn't get here self.assertTrue(False) except AssertionError as e: self.assertEqual(str(e), 'open' + self.assert_address_with_port_msg) # class instance should have record of added rule self.assertEqual(len(self.test_firewall.rules), 0) # no commands should have run self.assertRanAllCommandsInOrder() def test_close_address_incorrect_port(self): # test closing a given port on a specific address, AssertionError should be # thrown and no commands issued try: self.test_firewall.remove_rule(1234, self.proto, self.desc, persist=True, address=self.address) # shouldn't get here self.assertTrue(False) except AssertionError as e: self.assertEqual(str(e), 'clos' + self.assert_address_with_port_msg) # class instance should have record of added rule self.assertEqual(len(self.test_firewall.rules), 0) # no commands should have run self.assertRanAllCommandsInOrder() def test_open_address_persistent(self): # test opening all ports on a specific address permanently, AssertionError # should be thrown and no commands issued try: self.test_firewall.add_rule(0, self.proto, self.desc, persist=True, address=self.address) # shouldn't get here self.assertTrue(False) except AssertionError as e: self.assertEqual(str(e), 'open' + self.assert_address_persist_msg) # class instance should have record of added rule self.assertEqual(len(self.test_firewall.rules), 0) # no commands should have run self.assertRanAllCommandsInOrder() def test_close_address_persistent(self): # test closing all ports on a specific address permanently, AssertionError # should be thrown and no commands issued try: self.test_firewall.remove_rule(0, self.proto, self.desc, persist=True, address=self.address) # shouldn't get here self.assertTrue(False) except AssertionError as e: self.assertEqual(str(e), 'clos' + self.assert_address_persist_msg) # class instance should have record of added rule self.assertEqual(len(self.test_firewall.rules), 0) # no commands should have run self.assertRanAllCommandsInOrder() def test_open_port_not_persistent(self): # test opening port on a specific address temporarily, AssertionError # should be thrown and no commands issued try: self.test_firewall.add_rule(1234, self.proto, self.desc, persist=False, address=None) # shouldn't get here self.assertTrue(False) except AssertionError as e: self.assertEqual(str(e), 'open' + self.assert_port_not_persist_msg) # class instance should have record of added rule self.assertEqual(len(self.test_firewall.rules), 0) # no commands should have run self.assertRanAllCommandsInOrder() def test_close_port_not_persistent(self): # test closing port on a specific address temporarily, AssertionError # should be thrown and no commands issued try: self.test_firewall.remove_rule(1234, self.proto, self.desc, persist=False, address=None) # shouldn't get here self.assertTrue(False) except AssertionError as e: self.assertEqual(str(e), 'clos' + self.assert_port_not_persist_msg) # class instance should have record of added rule self.assertEqual(len(self.test_firewall.rules), 0) # no commands should have run self.assertRanAllCommandsInOrder() @abc.abstractmethod def test_open_port(self): raise NotImplementedError @abc.abstractmethod def test_close_port(self): raise NotImplementedError @abc.abstractmethod def test_open_address(self): raise NotImplementedError @abc.abstractmethod def test_close_address(self): raise NotImplementedError