def test_ensure_rule_already_exists():
    """ensure_rule must leave the chain alone when the rule is already listed.

    list_chain is patched to report a chain that already contains the
    requested DROP rule, so no call to insert_rule is expected.
    """
    wanted = EMPTY_RULE._replace(target='DROP')
    current_rules = (
        EMPTY_RULE._replace(target='DROP'),
        EMPTY_RULE._replace(src='10.0.0.0/255.255.255.0'),
    )
    list_patch = mock.patch.object(
        iptables, 'list_chain', return_value=current_rules,
    )
    insert_patch = mock.patch.object(iptables, 'insert_rule', autospec=True)

    with list_patch, insert_patch as mock_insert_rule:
        iptables.ensure_rule('PAASTA.service', wanted)
        # Idempotence: an already-present rule must not be inserted again.
        assert mock_insert_rule.called is False
def test_ensure_rule_already_exists():
    """Check that ensure_rule is a no-op for a rule list_chain already reports.

    The patched list_chain returns a DROP rule equal to the one requested,
    plus an unrelated rule with a source restriction.
    """
    chain_contents = (
        EMPTY_RULE._replace(target="DROP"),
        EMPTY_RULE._replace(src="10.0.0.0/255.255.255.0"),
    )
    with mock.patch.object(iptables, "list_chain", return_value=chain_contents):
        with mock.patch.object(
            iptables, "insert_rule", autospec=True
        ) as mock_insert_rule:
            requested = EMPTY_RULE._replace(target="DROP")
            iptables.ensure_rule("PAASTA.service", requested)
            # The rule is already present, so nothing may be inserted.
            assert mock_insert_rule.called is False
def test_ensure_rule_does_not_exist():
    """ensure_rule must insert the rule when the chain does not list it.

    list_chain is patched to report an ACCEPT rule and a source-restricted
    rule; neither equals the requested DROP rule, so exactly one insert_rule
    call with the chain name and that rule is expected.
    """
    wanted = EMPTY_RULE._replace(target='DROP')
    current_rules = (
        EMPTY_RULE._replace(target='ACCEPT'),
        EMPTY_RULE._replace(src='10.0.0.0/255.255.255.0'),
    )
    list_patch = mock.patch.object(
        iptables, 'list_chain', return_value=current_rules,
    )
    insert_patch = mock.patch.object(iptables, 'insert_rule', autospec=True)

    with list_patch, insert_patch as mock_insert_rule:
        iptables.ensure_rule('PAASTA.service', wanted)
        # Comparing the full call list also rules out extra or repeated inserts.
        expected_calls = [
            mock.call('PAASTA.service', EMPTY_RULE._replace(target='DROP')),
        ]
        assert mock_insert_rule.mock_calls == expected_calls
def test_ensure_rule_does_not_exist():
    """Check that a rule missing from the chain is inserted exactly once.

    The patched list_chain returns two rules, neither equal to the requested
    DROP rule, so insert_rule must receive the chain name and that rule.
    """
    chain_contents = (
        EMPTY_RULE._replace(target="ACCEPT"),
        EMPTY_RULE._replace(src="10.0.0.0/255.255.255.0"),
    )
    with mock.patch.object(iptables, "list_chain", return_value=chain_contents):
        with mock.patch.object(
            iptables, "insert_rule", autospec=True
        ) as mock_insert_rule:
            requested = EMPTY_RULE._replace(target="DROP")
            iptables.ensure_rule("PAASTA.service", requested)
            # Equality on mock_calls fails on any additional insert as well.
            assert mock_insert_rule.mock_calls == [
                mock.call("PAASTA.service", EMPTY_RULE._replace(target="DROP"))
            ]
def ensure_dispatch_chains(service_chains):
    """Install the PAASTA dispatch chain and hook it into INPUT and FORWARD.

    service_chains maps a chain name to an iterable of MACs; one
    dispatch_rule(chain, mac) is built per pair and the resulting set is
    handed to iptables.ensure_chain as the rules of the 'PAASTA' chain.
    A jump to 'PAASTA' with no matches and 0.0.0.0/0.0.0.0 as both source
    and destination is then ensured in INPUT and in FORWARD.
    """
    # A set drops duplicate rules produced for repeated (chain, mac) pairs.
    paasta_rules = {
        dispatch_rule(chain, mac)
        for chain, macs in service_chains.items()
        for mac in macs
    }
    iptables.ensure_chain('PAASTA', paasta_rules)

    # NOTE(review): only INPUT and FORWARD are hooked here; OUTPUT is not.
    # Where the jump lands relative to rules already in those chains is
    # decided inside iptables.ensure_rule -- confirm it precedes any
    # broader ACCEPT rule.
    jump_to_paasta = iptables.Rule(
        protocol='ip',
        src='0.0.0.0/0.0.0.0',
        dst='0.0.0.0/0.0.0.0',
        target='PAASTA',
        matches=(),
        target_parameters=(),
    )
    iptables.ensure_rule('INPUT', jump_to_paasta)
    iptables.ensure_rule('FORWARD', jump_to_paasta)
def ensure_dispatch_chains(service_chains):
    """Build the PAASTA chain from service_chains and jump to it from the host chains.

    For every chain name and each MAC listed under it, dispatch_rule(chain,
    mac) yields one rule; the de-duplicated collection becomes the content
    of the "PAASTA" chain via iptables.ensure_chain. INPUT and FORWARD then
    each get an ensure_rule call for a match-less jump to "PAASTA".
    """
    paasta_rules = set()
    for chain, macs in service_chains.items():
        for mac in macs:
            paasta_rules.add(dispatch_rule(chain, mac))
    iptables.ensure_chain("PAASTA", paasta_rules)

    jump_to_paasta = iptables.Rule(
        protocol="ip",
        src="0.0.0.0/0.0.0.0",
        dst="0.0.0.0/0.0.0.0",
        target="PAASTA",
        matches=(),
        target_parameters=(),
    )
    # NOTE(review): OUTPUT is not hooked, and the position of the jump within
    # INPUT/FORWARD is chosen by iptables.ensure_rule, not here -- verify
    # that no earlier rule in those chains short-circuits it.
    for builtin_chain in ("INPUT", "FORWARD"):
        iptables.ensure_rule(builtin_chain, jump_to_paasta)