def test_get_confs(): """Get confs from firewalls Check for ip addr show Ignore the iptables confs: the current state on the hosts (or emulator) is not known """ d = dict((h, [ip_addr]) for ip_addr, h in addrmap.iteritems()) sx = SSHConnector(targets=d) confs = sx.get_confs() assert isinstance(confs, dict) for hostname in d: assert hostname in confs, "%s missing from the results" % hostname for h, conf in confs.iteritems(): # assert isinstance(conf, dict), "%s's conf is not a dict: %s" \ # % (h, repr(conf)) assert 'iptables' in conf assert 'ip_a_s' in conf assert 'nat' in conf['iptables'] assert 'filter' in conf['iptables'] assert 'lo' in conf['ip_a_s'] for h in ('InternalFW', 'Server001', 'BorderFW', 'Smeagol'): assert 'eth0' in confs[h]['ip_a_s'], h + " has no eth0" assert 'eth1' in confs['BorderFW']['ip_a_s'] assert 'eth1' in confs['InternalFW']['ip_a_s'] assert 'eth2' in confs['BorderFW']['ip_a_s']
def test_get_conf_BorderFW(): d = {'BorderFW': ['172.16.2.223']} for x in xrange(20): deb(show("%d run" % x)) sx = SSHConnector(d) confs = sx.get_confs() assert isinstance(confs, dict) assert 'BorderFW' in confs, "BorderFW missing from the results" assert 'iptables' in confs['BorderFW'] del(sx) deb(show("Completed run %d" % x))
def test_deliver_apply_and_get_confs(): """Remote conf delivery, apply and get it back """ d = dict((h, [ip_addr]) for ip_addr, h in addrmap.iteritems()) # confs = {hostname: {iface: [rules, ] }, ... } confs = dict( (h, ['# this is an iptables conf test', '# for %s' % h, '-A INPUT -s 3.3.3.3/32 -j ACCEPT', ] ) for h in d ) # deliver log.debug("Delivery...") sx = SSHConnector(d) status = sx.deliver_confs(confs) assert status == {'InternalFW': 'ok', 'Server001': 'ok', 'BorderFW': 'ok', 'localhost': 'ok', 'Smeagol': 'ok'}, repr(status) # apply log.debug("Applying...") sx.apply_remote_confs() # get and compare log.debug("Getting confs...") rconfs = sx.get_confs() for h, conf in confs.iteritems(): assert h in rconfs, "%s missing from received confs" % h r = rconfs[h] assert 'iptables' in r assert 'ip_a_s' in r assert 'nat' in r['iptables'] assert 'filter' in r['iptables'] # assert r['iptables']['nat'] == [], repr(r) #FIXME: re-enable this #assert r['iptables']['filter'] == ['-A INPUT -s 3.3.3.3/32 -j ACCEPT'], "Rconf: %s" % repr(r) assert 'lo' in r['ip_a_s']