def test_enable_firewall_checks_for_invalid_iptables_options(self, mock_run, mock_output):
osutil._enable_firewall = True
util = osutil.DefaultOSUtil()
dst = '1.2.3.4'
version = "iptables v{0}".format(osutil.IPTABLES_LOCKING_VERSION)
wait = "-w"
# iptables uses the following exit codes
# 0 - correct function
# 1 - other errors
# 2 - errors which appear to be caused by invalid or abused command
# line parameters
mock_run.side_effect = [2]
mock_output.return_value = (0, version)
self.assertFalse(util.enable_firewall(dst_ip='1.2.3.4', uid=42))
self.assertFalse(osutil._enable_firewall)
mock_run.assert_has_calls([
call(osutil.FIREWALL_DROP.format(wait, "C", dst), chk_err=False),
])
mock_output.assert_has_calls([
call(osutil.IPTABLES_VERSION)
])
def test_http_request_proxy_secure(self, HTTPConnection, HTTPSConnection):
mock_conn = \
MagicMock(getresponse=\
Mock(return_value=\
Mock(read=Mock(return_value="TheResults"))))
HTTPSConnection.return_value = mock_conn
resp = restutil._http_request("GET",
"foo",
"/bar",
proxy_host="foo.bar",
proxy_port=23333,
secure=True)
HTTPConnection.assert_not_called()
HTTPSConnection.assert_has_calls([call("foo.bar", 23333, timeout=10)])
mock_conn.request.assert_has_calls([
call(method="GET",
url="https://foo:443/bar",
body=None,
headers={
'User-Agent': HTTP_USER_AGENT,
'Connection': 'close'
})
])
self.assertEqual(1, mock_conn.getresponse.call_count)
self.assertNotEqual(None, resp)
self.assertEqual("TheResults", resp.read())
def test_remove_firewall_does_not_repeat(self, mock_run, mock_output, _):
osutil._enable_firewall = True
util = osutil.DefaultOSUtil()
dst_ip='1.2.3.4'
uid=42
version = "iptables v{0}".format(osutil.IPTABLES_LOCKING_VERSION)
wait = "-w"
mock_run.side_effect = [2]
mock_output.side_effect = [(0, version), (1, "Output")]
self.assertFalse(util.remove_firewall(dst_ip, uid))
mock_run.assert_has_calls([
call(osutil.FIREWALL_DELETE_CONNTRACK_ACCEPT.format(wait, dst_ip), chk_err=False),
])
mock_output.assert_has_calls([
call(osutil.IPTABLES_VERSION)
])
self.assertFalse(osutil._enable_firewall)
self.assertTrue(mock_run.call_count == 1)
self.assertTrue(mock_output.call_count == 1)
self.assertFalse(util.remove_firewall())
self.assertFalse(util.remove_firewall())
self.assertTrue(mock_run.call_count == 1)
self.assertTrue(mock_output.call_count == 1)
def test_remove_firewall(self, mock_run, mock_output, mock_uid):
osutil._enable_firewall = True
util = osutil.DefaultOSUtil()
dst = '1.2.3.4'
uid = 42
version = "iptables v{0}".format(osutil.IPTABLES_LOCKING_VERSION)
wait = "-w"
mock_run.side_effect = [0, 1, 0, 1, 0, 1]
mock_output.side_effect = [(0, version), (0, "Output")]
self.assertTrue(util.remove_firewall(dst, uid))
mock_run.assert_has_calls([
# delete rules < 2.2.26
call(osutil.FIREWALL_DELETE_CONNTRACK_ACCEPT.format(wait, dst), chk_err=False),
call(osutil.FIREWALL_DELETE_CONNTRACK_ACCEPT.format(wait, dst), chk_err=False),
call(osutil.FIREWALL_DELETE_OWNER_ACCEPT.format(wait, dst, uid), chk_err=False),
call(osutil.FIREWALL_DELETE_OWNER_ACCEPT.format(wait, dst, uid), chk_err=False),
# delete rules >= 2.2.26
call(osutil.FIREWALL_DELETE_CONNTRACK_DROP.format(wait, dst), chk_err=False),
call(osutil.FIREWALL_DELETE_CONNTRACK_DROP.format(wait, dst), chk_err=False),
])
mock_output.assert_has_calls([
call(osutil.IPTABLES_VERSION)
])
self.assertTrue(osutil._enable_firewall)
def test_enable_firewall_skips_if_drop_exists(self, mock_run, mock_output, mock_uid):
osutil._enable_firewall = True
util = osutil.DefaultOSUtil()
dst = '1.2.3.4'
uid = 42
version = "iptables v{0}".format(osutil.IPTABLES_LOCKING_VERSION)
wait = "-w"
mock_run.side_effect = [0, 0, 0]
mock_output.return_value = (0, version)
self.assertTrue(util.enable_firewall(dst_ip=dst, uid=uid))
mock_run.assert_has_calls([
call(osutil.FIREWALL_DROP.format(wait, "C", dst), chk_err=False),
])
mock_output.assert_has_calls([
call(osutil.IPTABLES_VERSION)
])
self.assertTrue(osutil._enable_firewall)
def test_http_request_direct_secure(self, HTTPConnection, HTTPSConnection): # pylint: disable=invalid-name
mock_conn = \
MagicMock(getresponse=\
Mock(return_value=\
Mock(read=Mock(return_value="TheResults"))))
HTTPSConnection.return_value = mock_conn
resp = restutil._http_request("GET", "foo", "/bar", secure=True) # pylint: disable=protected-access
HTTPConnection.assert_not_called()
HTTPSConnection.assert_has_calls([
call("foo", 443, timeout=10)
])
mock_conn.request.assert_has_calls([
call(method="GET", url="/bar", body=None, headers={'User-Agent': HTTP_USER_AGENT, 'Connection': 'close'})
])
self.assertEqual(1, mock_conn.getresponse.call_count)
self.assertNotEqual(None, resp)
self.assertEqual("TheResults", resp.read())
def test_enable_firewall_no_wait(self, mock_run, mock_output, mock_uid):
osutil._enable_firewall = True
util = osutil.DefaultOSUtil()
dst = '1.2.3.4'
uid = 42
version = "iptables v{0}".format(osutil.IPTABLES_LOCKING_VERSION-1)
wait = ""
mock_run.side_effect = [1, 0, 0]
mock_output.side_effect = [(0, version), (0, "Output")]
self.assertTrue(util.enable_firewall(dst_ip=dst, uid=uid))
mock_run.assert_has_calls([
call(osutil.FIREWALL_DROP.format(wait, "C", dst), chk_err=False),
call(osutil.FIREWALL_ACCEPT.format(wait, "A", dst, uid)),
call(osutil.FIREWALL_DROP.format(wait, "A", dst))
])
mock_output.assert_has_calls([
call(osutil.IPTABLES_VERSION),
call(osutil.FIREWALL_LIST.format(wait))
])
self.assertTrue(osutil._enable_firewall)
def test_http_request_direct(self, HTTPConnection, HTTPSConnection):
mock_conn = \
MagicMock(getresponse=\
Mock(return_value=\
Mock(read=Mock(return_value="TheResults"))))
HTTPConnection.return_value = mock_conn
resp = restutil._http_request("GET", "foo", "/bar")
HTTPConnection.assert_has_calls([call("foo", 80, timeout=10)])
HTTPSConnection.assert_not_called()
mock_conn.request.assert_has_calls([
call(method="GET",
url="/bar",
body=None,
headers={
'User-Agent': HTTP_USER_AGENT,
'Connection': 'close'
})
])
self.assertEqual(1, mock_conn.getresponse.call_count)
self.assertNotEqual(None, resp)
self.assertEqual("TheResults", resp.read())
def test_http_request_retries_for_safe_minimum_number_when_throttled(self, _http_request, _sleep):
# Ensure the code is a throttle code
self.assertTrue(httpclient.SERVICE_UNAVAILABLE in restutil.THROTTLE_CODES)
_http_request.side_effect = [
Mock(status=httpclient.SERVICE_UNAVAILABLE)
for i in range(restutil.THROTTLE_RETRIES-1) # pylint: disable=unused-variable
] + [Mock(status=httpclient.OK)]
restutil.http_get("https://foo.bar",
max_retry=1)
self.assertEqual(restutil.THROTTLE_RETRIES, _http_request.call_count)
self.assertEqual(restutil.THROTTLE_RETRIES-1, _sleep.call_count)
self.assertEqual(
[call(1) for i in range(restutil.THROTTLE_RETRIES-1)],
_sleep.call_args_list)
def test_http_request_retries_with_fibonacci_delay(self, _http_request, _sleep):
# Ensure the code is not a throttle code
self.assertFalse(httpclient.BAD_GATEWAY in restutil.THROTTLE_CODES)
_http_request.side_effect = [
Mock(status=httpclient.BAD_GATEWAY)
for i in range(restutil.DEFAULT_RETRIES)
] + [Mock(status=httpclient.OK)]
restutil.http_get("https://foo.bar",
max_retry=restutil.DEFAULT_RETRIES+1)
self.assertEqual(restutil.DEFAULT_RETRIES+1, _http_request.call_count)
self.assertEqual(restutil.DEFAULT_RETRIES, _sleep.call_count)
self.assertEqual(
[
call(restutil._compute_delay(i+1, restutil.DELAY_IN_SECONDS)) # pylint: disable=protected-access
for i in range(restutil.DEFAULT_RETRIES)],
_sleep.call_args_list)
def test_http_request_retries_with_constant_delay_when_throttled(
self, _http_request, _sleep):
# Ensure the code is a throttle code
self.assertTrue(
httpclient.SERVICE_UNAVAILABLE in restutil.THROTTLE_CODES)
_http_request.side_effect = [
Mock(status=httpclient.SERVICE_UNAVAILABLE)
for i in range(restutil.DEFAULT_RETRIES)
] + [Mock(status=httpclient.OK)]
restutil.http_get("https://foo.bar",
max_retry=restutil.DEFAULT_RETRIES + 1)
self.assertEqual(restutil.DEFAULT_RETRIES + 1,
_http_request.call_count)
self.assertEqual(restutil.DEFAULT_RETRIES, _sleep.call_count)
self.assertEqual([call(1) for i in range(restutil.DEFAULT_RETRIES)],
_sleep.call_args_list)
