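def rules(ctx: Context, _chain, _rules, table='', clean=True):
    """Ensure *_chain* exists in *table* and append every rule in *_rules*.

    Args:
        ctx: Execution context; ``ctx.run(cmd)`` returns a result with ``.ok``.
        _chain: Name of the iptables chain to populate.
        _rules: Sequence of rules, appended in the given order.
        table: Table the chain lives in; passed to ``Iptables(table=...)``.
        clean: When true, flush the chain before appending.

    Raises:
        AssertionError: If the flush or the append command does not succeed.

    Rules are appended without a ``has_rule`` check, so calling this with
    ``clean=False`` more than once adds duplicate rules to the chain.
    """
    chain(ctx, _chain, table=table)

    if clean:
        # Flush in the SAME table the rules are appended to. Flushing via a
        # bare Iptables() would act on whatever table that defaults to and
        # leave stale rules behind in the requested table.
        flushed = ctx.run(Iptables(table=table).flush_chain(_chain))
        # Explicit raise instead of `assert ctx.run(...)`: under `python -O`
        # an assert statement is removed together with the command inside it.
        if not flushed.ok:
            raise AssertionError(
                'failed to flush chain {!r} in table {!r}'.format(_chain, table))

    if not _rules:
        # Nothing to append; the chain exists (and is flushed when requested).
        return

    # Combine all appends into one command via the command object's _chain()
    # (presumably sequential execution; confirm against the command builder).
    c = Iptables(table=table).append(_chain, _rules[0])
    for r in _rules[1:]:
        c = c._chain(Iptables(table=table).append(_chain, r))

    res = ctx.run(c)
    if not res.ok:
        raise AssertionError(
            'failed to append rules to chain {!r} in table {!r}'.format(_chain, table))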
def get_user_data(ctx: Context, name: str) -> dict:
    """Return the passwd and shadow fields of user *name* as one dict.

    Each database is queried through ``getent`` and the colon-separated
    output is mapped onto field names. A lookup that does not succeed
    contributes no keys, so an unknown user yields ``{}``. Shadow values are
    merged last and therefore win on the shared ``name`` key.

    NOTE: when the shadow lookup succeeds the result carries
    ``encrypted_password`` (the password hash). Treat the returned dict as
    sensitive and keep it out of logs and serialized reports.
    """
    def _lookup(database, headers):
        # One getent query; an unsuccessful lookup yields an empty mapping.
        outcome = ctx.run(getent.Getent(database, name))
        if not outcome.ok:
            return {}
        return dict(zip(headers, outcome.stdout.strip().split(':')))

    user = _lookup(
        getent.Database.PASSWD,
        ('name', 'password', 'uid', 'gid', 'gecos', 'home_dir', 'shell'),
    )
    shadow = _lookup(
        getent.Database.SHADOW,
        ('name', 'encrypted_password', 'last_change', 'min_age', 'max_age',
         'warn_period', 'inactivity_period', 'exp_date', 'reserved'),
    )
    user.update(shadow)
    return user
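def has_chain(ctx: Context, chain, table=''):
    """Return True when *chain* is listed in *table*.

    Runs the numeric iptables listing for *table* and greps it for the
    chain's header line.

    Args:
        ctx: Execution context; ``ctx.run(cmd)`` returns a result with ``.ok``.
        chain: Chain name to look for.
        table: Table to list; passed to ``Iptables(table=...)``.
    """
    # iptables prints chain headers as "Chain NAME (...)". The trailing space
    # anchors the end of the name: without it a lookup for "IN" also matched
    # "INPUT", so chain() skipped creating the chain and later appends failed.
    # NOTE(review): the name is still interpolated as a regular expression;
    # names containing regex metacharacters such as "." match more than
    # themselves.
    pattern = '^Chain {} '.format(chain)
    res = ctx.run(
        Iptables(table=table).list().numeric().pipe(Grep(pattern)))
    return res.ok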
def has_rule(ctx: Context, chain, rule: Rule, table=''):
    """Report whether *rule* is already present in *chain* of *table*.

    Delegates to the iptables check command; the answer is the ``ok`` flag
    of that command's result.
    """
    check_cmd = Iptables(table=table).check(chain, rule)
    return ctx.run(check_cmd).ok
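def chain(ctx: Context, name, table=''):
    """Create chain *name* in *table* unless ``has_chain`` already finds it.

    Args:
        ctx: Execution context; ``ctx.run(cmd)`` returns a result with ``.ok``.
        name: Name of the chain to create.
        table: Table to create the chain in; passed to ``Iptables(table=...)``.

    Raises:
        AssertionError: If the chain has to be created and creation fails.
    """
    if has_chain(ctx, name, table):
        return

    res = ctx.run(Iptables(table=table).new_chain(name))
    # Explicit raise rather than `assert res.ok`: asserts are stripped under
    # `python -O`, which would let a failed chain creation pass silently and
    # leave later rule appends targeting a chain that does not exist.
    if not res.ok:
        raise AssertionError(
            'failed to create chain {!r} in table {!r}'.format(name, table))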
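def rule(ctx: Context, _chain, _rule: Rule, table=''):
    """Ensure *_rule* is present in *_chain* of *table*, appending if absent.

    The chain is created first when it does not exist. The rule is appended
    only when ``has_rule`` reports it missing, so repeated calls do not
    duplicate it.

    Args:
        ctx: Execution context; ``ctx.run(cmd)`` returns a result with ``.ok``.
        _chain: Name of the chain that should hold the rule.
        _rule: Rule to check for and, if needed, append.
        table: Table the chain lives in; passed to ``Iptables(table=...)``.

    Raises:
        AssertionError: If the rule has to be appended and the append fails.
    """
    chain(ctx, _chain, table=table)
    if has_rule(ctx, _chain, _rule, table=table):
        return

    res = ctx.run(Iptables(table=table).append(_chain, _rule))
    # Explicit raise rather than `assert res.ok`: asserts are stripped under
    # `python -O`, and a firewall rule that failed to install must not be
    # reported as applied.
    if not res.ok:
        raise AssertionError(
            'failed to append rule to chain {!r} in table {!r}'.format(_chain, table))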
def user_exists(ctx: Context, name: str) -> bool:
    """Tell whether the passwd database lists an entry for *name*.

    The full passwd listing from ``getent`` is piped into grep, which looks
    for a line starting with ``<name>:``.

    NOTE(review): *name* is interpolated into the grep pattern as a regular
    expression, so a name containing metacharacters (for example ".") can
    match other accounts. ``get_user_data`` passes the name to getent as a
    lookup key instead; confirm whether that form is preferable here.
    """
    line_pattern = '^{}:'.format(name)
    listing = getent.Getent(getent.Database.PASSWD)
    outcome = ctx.run(listing.pipe(file.Grep(line_pattern)))
    return outcome.ok