def test__firewall__target_doesnt_exist():
with patch("qsm.dom0.lib.run", return_value=None, autospec=True):
with patch("qsm.dom0.exists_or_throws",
side_effect=lib.QsmDomainDoesntExistError,
autospec=True):
with pytest.raises(lib.QsmDomainDoesntExistError):
dom0.firewall("test-vm", "accept", "192.168.1.1", "1")
def test__firewall__dsthost__fuzz_negative(value):
with patch("qsm.dom0.lib.run", return_value=None, autospec=True):
with patch("qsm.dom0.exists_or_throws",
return_value=True,
autospec=True):
with pytest.raises(AssertionError):
dom0.firewall("test-vm", "accept", value, "1")
def test__firewall__proto__happy_path(value):
"""Test valid, constrained values for proto"""
with patch("qsm.dom0.lib.run", return_value=None, autospec=True):
with patch("qsm.dom0.exists_or_throws",
return_value=True,
autospec=True):
dom0.firewall("test-vm", "accept", "192.168.1.1", "1",
proto=value) is None
def test__firewall__dstports__fuzz_unacceptable_ints(value):
"""Test values outside of the acceptable range of ports."""
with patch("qsm.dom0.lib.run", return_value=None, autospec=True):
with patch("qsm.dom0.exists_or_throws",
return_value=True,
autospec=True):
with pytest.raises(AssertionError):
dom0.firewall("test-vm", "accept", "192.168.1.1", str(value))
def test__firewall__dstports__invalid_type_fuzz_negative(value):
"""Test random types cause assertion error"""
with patch("qsm.dom0.lib.run", return_value=None, autospec=True):
with patch("qsm.dom0.exists_or_throws",
return_value=True,
autospec=True):
with pytest.raises(AssertionError):
dom0.firewall("test-vm", "accept", "192.168.1.1", value)
def test__firewall__proto__invalid_type_nagative_fuzz(value):
"""Test invalid, unconstrained values for proto - should throw."""
with patch("qsm.dom0.lib.run", return_value=None, autospec=True):
with patch("qsm.dom0.exists_or_throws",
return_value=True,
autospec=True):
with pytest.raises(AssertionError):
dom0.firewall("test-vm",
"accept",
"192.168.1.1",
"1",
proto=value)
def test__firewall__icmptype__proto_set_icmptype_is_used():
"""Test that proto must be icmp is icmptype is set"""
with patch("qsm.dom0.lib.run", return_value=None, autospec=True):
with patch("qsm.dom0.exists_or_throws",
return_value=True,
autospec=True):
with pytest.raises(AssertionError):
dom0.firewall("test-vm",
"accept",
"192.168.1.1",
"1",
proto="tcp",
icmptype=0)
def test__firewall__icmptype__invalid_type_nagative_fuzz(value):
"""Test non-integer types for icmptype - should throw."""
with patch("qsm.dom0.lib.run", return_value=None, autospec=True):
with patch("qsm.dom0.exists_or_throws",
return_value=True,
autospec=True):
with pytest.raises(AssertionError):
dom0.firewall("test-vm",
"accept",
"192.168.1.1",
"1",
proto="icmp",
icmptype=value)
def test__firewall__icmptype__nagative_fuzz(value):
"""Test values outside of the acceptable range of icmp types."""
with patch("qsm.dom0.lib.run", return_value=None, autospec=True):
with patch("qsm.dom0.exists_or_throws",
return_value=True,
autospec=True):
with pytest.raises(AssertionError):
dom0.firewall("test-vm",
"accept",
"192.168.1.1",
"1",
proto="icmp",
icmptype=value)
def test__firewall__dstports__fuzz_positive(value):
"""Test values inside of the acceptable range of ports"""
with patch("qsm.dom0.lib.run", return_value=None, autospec=True):
with patch("qsm.dom0.exists_or_throws",
return_value=True,
autospec=True):
assert dom0.firewall("test-vm", "accept", "192.168.1.1", str(value)) is None, \
"{} should be accepted as a valid port".format(value)
def test__firewall__icmptype__happy_fuzz(value):
"""Test values inside of the acceptable range of icmp types."""
with patch("qsm.dom0.lib.run", return_value=None, autospec=True):
with patch("qsm.dom0.exists_or_throws",
return_value=True,
autospec=True):
assert dom0.firewall("test-vm",
"accept",
"192.168.1.1",
"1",
proto="icmp",
icmptype=value) is None
assert mock_create.called, "the vm was not created"
assert not mock_clone.called, "the vm was cloned, instead of created"
assert not mock_vm_prefs.called, "prefs were set, but none were given"
assert not mock_enable_services.called, "services were enabled, but none were given"
assert _job_one.called, "job one wasn't called"
assert _job_one.called, "job two wasn't called"
# >>> firewall() >>>
@pytest.mark.parametrize(
"do,expected",
[
# func | expected
# action=accept
(lambda: dom0.firewall("test-vm", "accept", "192.168.1.1", "1"),
"qvm-firewall test-vm add action=accept dsthost=192.168.1.1 proto=tcp"
),
# action=drop
(lambda: dom0.firewall("test-vm", "drop", "192.168.1.1", "1"),
"qvm-firewall test-vm add action=drop dsthost=192.168.1.1 proto=tcp"),
# proto=udp
(lambda: dom0.firewall(
"test-vm", "accept", "192.168.1.1", "1", proto="udp"),
"qvm-firewall test-vm add action=accept dsthost=192.168.1.1 proto=udp"
),
# proto=icmp
(lambda: dom0.firewall(
"test-vm", "accept", "192.168.1.1", "1", proto="icmp"),
"qvm-firewall test-vm add action=accept dsthost=192.168.1.1 proto=icmp"
),