def setUp(self):
"""Set up the module."""
self.firewall_module = FirewallModule()
self.firewall_interface = FirewallInterface(self.firewall_module)
# Connect to the properties changed signal.
self.callback = Mock()
self.firewall_interface.PropertiesChanged.connect(self.callback)
def publish(self):
"""Publish the module."""
DBus.publish_object(FIREWALL.object_path, FirewallInterface(self))
class FirewallConfigurationTaskTestCase(unittest.TestCase):
"""Test the Firewall configuration DBus Task."""
def setUp(self):
"""Set up the module."""
self.firewall_module = FirewallModule()
self.firewall_interface = FirewallInterface(self.firewall_module)
# Connect to the properties changed signal.
self.callback = Mock()
self.firewall_interface.PropertiesChanged.connect(self.callback)
@patch_dbus_publish_object
def firewall_config_task_basic_test(self, publisher):
"""Test the Firewall configuration task - basic."""
task_path = self.firewall_interface.InstallWithTask()
obj = check_task_creation(self, task_path, publisher,
ConfigureFirewallTask)
self.assertEqual(obj.implementation._firewall_mode,
FirewallMode.DEFAULT)
self.assertEqual(obj.implementation._enabled_services, [])
self.assertEqual(obj.implementation._disabled_services, [])
self.assertEqual(obj.implementation._enabled_ports, [])
self.assertEqual(obj.implementation._trusts, [])
@patch('pyanaconda.core.util.execInSysroot')
def firewall_config_task_enable_missing_tool_test(self, execInSysroot):
"""Test the Firewall configuration task - enable & missing firewall-offline-cmd."""
with tempfile.TemporaryDirectory() as sysroot:
# no firewall-offline-cmd in the sysroot
os.makedirs(os.path.join(sysroot, "usr/bin"))
task = ConfigureFirewallTask(sysroot=sysroot,
firewall_mode=FirewallMode.ENABLED,
enabled_services=[],
disabled_services=[],
enabled_ports=[],
trusts=[])
# should raise an exception
with self.assertRaises(FirewallConfigurationError):
task.run()
# should not call execInSysroot
execInSysroot.assert_not_called()
@patch('pyanaconda.core.util.execInSysroot')
def firewall_config_task_disable_missing_tool_test(self, execInSysroot):
"""Test the Firewall configuration task - disable & missing firewall-offline-cmd"""
with tempfile.TemporaryDirectory() as sysroot:
# no firewall-offline-cmd in the sysroot
os.makedirs(os.path.join(sysroot, "usr/bin"))
task = ConfigureFirewallTask(sysroot=sysroot,
firewall_mode=FirewallMode.DISABLED,
enabled_services=[],
disabled_services=[],
enabled_ports=[],
trusts=[])
# should not raise an exception
task.run()
# should not call execInSysroot
execInSysroot.assert_not_called()
@patch('pyanaconda.core.util.execInSysroot')
def firewall_config_task_default_missing_tool_test(self, execInSysroot):
"""Test the Firewall configuration task - default & missing firewall-offline-cmd"""
with tempfile.TemporaryDirectory() as sysroot:
# no firewall-offline-cmd in the sysroot
os.makedirs(os.path.join(sysroot, "usr/bin"))
task = ConfigureFirewallTask(sysroot=sysroot,
firewall_mode=FirewallMode.DEFAULT,
enabled_services=[],
disabled_services=[],
enabled_ports=[],
trusts=[])
# should not raise an exception
task.run()
# should not call execInSysroot
execInSysroot.assert_not_called()
@patch('pyanaconda.core.util.execInSysroot')
def firewall_config_task_system_defaults_missing_tool_test(
self, execInSysroot):
"""Test the Firewall configuration task - use-system-defaults & missing firewall-offline-cmd"""
with tempfile.TemporaryDirectory() as sysroot:
# no firewall-offline-cmd in the sysroot
os.makedirs(os.path.join(sysroot, "usr/bin"))
task = ConfigureFirewallTask(
sysroot=sysroot,
firewall_mode=FirewallMode.USE_SYSTEM_DEFAULTS,
enabled_services=[],
disabled_services=[],
enabled_ports=[],
trusts=[])
# should not raise an exception
task.run()
# should not call execInSysroot
execInSysroot.assert_not_called()
@patch('pyanaconda.core.util.execInSysroot')
def firewall_config_task_default_test(self, execInSysroot):
"""Test the Firewall configuration task - default."""
with tempfile.TemporaryDirectory() as sysroot:
os.makedirs(os.path.join(sysroot, "usr/bin"))
os.mknod(os.path.join(sysroot, "usr/bin/firewall-offline-cmd"))
self.assertTrue(
os.path.exists(
os.path.join(sysroot, "usr/bin/firewall-offline-cmd")))
task = ConfigureFirewallTask(sysroot=sysroot,
firewall_mode=FirewallMode.DEFAULT,
enabled_services=[],
disabled_services=[],
enabled_ports=[],
trusts=[])
task.run()
execInSysroot.assert_called_once_with(
'/usr/bin/firewall-offline-cmd',
['--enabled', '--service=ssh'],
root=sysroot)
@patch('pyanaconda.core.util.execInSysroot')
def firewall_config_task_enable_test(self, execInSysroot):
"""Test the Firewall configuration task - enable."""
with tempfile.TemporaryDirectory() as sysroot:
os.makedirs(os.path.join(sysroot, "usr/bin"))
os.mknod(os.path.join(sysroot, "usr/bin/firewall-offline-cmd"))
self.assertTrue(
os.path.exists(
os.path.join(sysroot, "usr/bin/firewall-offline-cmd")))
task = ConfigureFirewallTask(sysroot=sysroot,
firewall_mode=FirewallMode.ENABLED,
enabled_services=[],
disabled_services=[],
enabled_ports=[],
trusts=[])
task.run()
execInSysroot.assert_called_once_with(
'/usr/bin/firewall-offline-cmd',
['--enabled', '--service=ssh'],
root=sysroot)
@patch('pyanaconda.core.util.execInSysroot')
def firewall_config_task_enable_with_options_test(self, execInSysroot):
"""Test the Firewall configuration task - enable with options."""
with tempfile.TemporaryDirectory() as sysroot:
os.makedirs(os.path.join(sysroot, "usr/bin"))
os.mknod(os.path.join(sysroot, "usr/bin/firewall-offline-cmd"))
self.assertTrue(
os.path.exists(
os.path.join(sysroot, "usr/bin/firewall-offline-cmd")))
task = ConfigureFirewallTask(
sysroot=sysroot,
firewall_mode=FirewallMode.ENABLED,
enabled_services=["smnp"],
disabled_services=["tftp"],
enabled_ports=["22001:tcp", "6400:udp"],
trusts=["eth1"])
task.run()
execInSysroot.assert_called_once_with(
'/usr/bin/firewall-offline-cmd', [
'--enabled', '--service=ssh', '--trust=eth1',
'--port=22001:tcp', '--port=6400:udp',
'--remove-service=tftp', '--service=smnp'
],
root=sysroot)
@patch('pyanaconda.core.util.execInSysroot')
def firewall_config_task_disable_ssh_test(self, execInSysroot):
"""Test the Firewall configuration task - test SSH can be disabled."""
with tempfile.TemporaryDirectory() as sysroot:
os.makedirs(os.path.join(sysroot, "usr/bin"))
os.mknod(os.path.join(sysroot, "usr/bin/firewall-offline-cmd"))
self.assertTrue(
os.path.exists(
os.path.join(sysroot, "usr/bin/firewall-offline-cmd")))
task = ConfigureFirewallTask(sysroot=sysroot,
firewall_mode=FirewallMode.ENABLED,
enabled_services=[],
disabled_services=["ssh"],
enabled_ports=[],
trusts=[])
task.run()
execInSysroot.assert_called_once_with(
'/usr/bin/firewall-offline-cmd',
['--enabled', '--remove-service=ssh'],
root=sysroot)
@patch('pyanaconda.core.util.execInSysroot')
def firewall_config_task_enable_disable_service_test(self, execInSysroot):
"""Test the Firewall configuration task - test enabling & disabling the same service"""
with tempfile.TemporaryDirectory() as sysroot:
os.makedirs(os.path.join(sysroot, "usr/bin"))
os.mknod(os.path.join(sysroot, "usr/bin/firewall-offline-cmd"))
self.assertTrue(
os.path.exists(
os.path.join(sysroot, "usr/bin/firewall-offline-cmd")))
task = ConfigureFirewallTask(sysroot=sysroot,
firewall_mode=FirewallMode.ENABLED,
enabled_services=["tftp"],
disabled_services=["tftp"],
enabled_ports=[],
trusts=[])
task.run()
execInSysroot.assert_called_once_with(
'/usr/bin/firewall-offline-cmd', [
'--enabled', '--service=ssh', '--remove-service=tftp',
'--service=tftp'
],
root=sysroot)
@patch('pyanaconda.core.util.execInSysroot')
def firewall_config_task_disable_test(self, execInSysroot):
"""Test the Firewall configuration task - disable."""
with tempfile.TemporaryDirectory() as sysroot:
os.makedirs(os.path.join(sysroot, "usr/bin"))
os.mknod(os.path.join(sysroot, "usr/bin/firewall-offline-cmd"))
self.assertTrue(
os.path.exists(
os.path.join(sysroot, "usr/bin/firewall-offline-cmd")))
task = ConfigureFirewallTask(sysroot=sysroot,
firewall_mode=FirewallMode.DISABLED,
enabled_services=[],
disabled_services=[],
enabled_ports=[],
trusts=[])
task.run()
execInSysroot.assert_called_once_with(
'/usr/bin/firewall-offline-cmd',
['--disabled', '--service=ssh'],
root=sysroot)
@patch('pyanaconda.core.util.execInSysroot')
def firewall_config_task_disable_with_options_test(self, execInSysroot):
"""Test the Firewall configuration task - disable with options."""
with tempfile.TemporaryDirectory() as sysroot:
os.makedirs(os.path.join(sysroot, "usr/bin"))
os.mknod(os.path.join(sysroot, "usr/bin/firewall-offline-cmd"))
self.assertTrue(
os.path.exists(
os.path.join(sysroot, "usr/bin/firewall-offline-cmd")))
task = ConfigureFirewallTask(
sysroot=sysroot,
firewall_mode=FirewallMode.DISABLED,
enabled_services=["smnp"],
disabled_services=["tftp"],
enabled_ports=["22001:tcp", "6400:udp"],
trusts=["eth1"])
task.run()
# even in disable mode, we still forward all the options to firewall-offline-cmd
execInSysroot.assert_called_once_with(
'/usr/bin/firewall-offline-cmd', [
'--disabled', '--service=ssh', '--trust=eth1',
'--port=22001:tcp', '--port=6400:udp',
'--remove-service=tftp', '--service=smnp'
],
root=sysroot)
@patch('pyanaconda.core.util.execInSysroot')
def firewall_config_task_use_system_defaults_test(self, execInSysroot):
"""Test the Firewall configuration task - use system defaults."""
with tempfile.TemporaryDirectory() as sysroot:
os.makedirs(os.path.join(sysroot, "usr/bin"))
os.mknod(os.path.join(sysroot, "usr/bin/firewall-offline-cmd"))
self.assertTrue(
os.path.exists(
os.path.join(sysroot, "usr/bin/firewall-offline-cmd")))
task = ConfigureFirewallTask(
sysroot=sysroot,
firewall_mode=FirewallMode.USE_SYSTEM_DEFAULTS,
enabled_services=[],
disabled_services=[],
enabled_ports=[],
trusts=[])
task.run()
# firewall-offline-cmd should not be called in use-system-defaults mode
execInSysroot.assert_not_called()