def check_acl(self, list):
    """Apply the basic ACL rule set to every device in *list* and verify the firewall state.

    *list* is iterated as mappings with ``nic_dev_id`` and ``public_ip`` keys
    (inferred from the lookups below; confirm against the caller).

    The check runs in four stages: take a stable baseline rule count by clearing
    all ACLs twice, push the basic rules to every listed device, verify that
    each touched ``ACL_INBOUND_<dev>`` chain holds exactly one default ``DROP``
    rule and that the total rule count matches the expected value, then reset
    every device and confirm the count is back at the baseline.

    ``ip`` is presumably a module-level firewall helper (``ip.count_fw_rules``);
    it is not defined in this block. Note that the parameter name ``list``
    shadows the builtin and is kept only for caller compatibility.
    """
    baseline = self.clear_all_acls()
    baseline_again = self.clear_all_acls()
    assert baseline == baseline_again, "Clear all acls called twice and produced different results"

    # Device names touched by this run; a dict keeps first-seen order.
    devices = {"eth%s" % entry["nic_dev_id"]: 1 for entry in list}

    # Default drop rules are created only the first time a device is configured,
    # so work out how many this run will add on top of the explicit rules.
    new_drops = len(devices)
    for dev in devices:
        new_drops -= ip.count_fw_rules('ACL_INBOUND_%s -j DROP' % dev)

    # Push the basic rule set, in both directions, to every listed device.
    for entry in list:
        config = copy.deepcopy(self.basic_network_acl)
        config['device'] = "eth%s" % entry["nic_dev_id"]
        config['nic_ip'] = entry["public_ip"]
        for rule in self.basic_acl_rules:
            config['ingress_rules'].append(rule)
            config['egress_rules'].append(rule)
        self.update_config(config)

    # Deny-by-default: every inbound chain must carry exactly one DROP rule.
    for dev in devices:
        drop = ip.count_fw_rules('ACL_INBOUND_%s -j DROP' % dev)
        assert drop == 1, "ACL_INBOUND_%s does not have a default drop rule" % dev

    # Each rule lands once inbound and once outbound on every device, on top of
    # the baseline count and any default drop rules this run created.
    after = ip.count_fw_rules()
    expected = 2 * len(devices) * len(self.basic_acl_rules) + baseline_again + new_drops
    assert expected == after, "Number of acl rules does not match what I expected to see"

    # Reset all six devices, then confirm the count is back to the baseline. The
    # newly created drop rules are subtracted, so a reset presumably leaves them
    # in place — verify against the firewall helper if this assumption changes.
    for dev in range(6):
        config = copy.deepcopy(self.basic_network_acl)
        config['device'] = "eth%s" % dev
        self.update_config(config)
    assert baseline == self.clear_all_acls() - new_drops, "Clear all acls appears to have failed"
def clear_all_acls(self):
    """Reset the ACL configuration on eth0 through eth5 and return the firewall rule count.

    Each device receives a deep copy of ``self.basic_network_acl`` with only the
    device name changed, pushed through ``self.update_config``. The six-device
    assumption is hard-coded here. The returned count comes from
    ``ip.count_fw_rules()``; ``ip`` is presumably a module-level firewall
    helper that is not defined in this block.
    """
    device_names = ["eth%s" % index for index in range(6)]
    for name in device_names:
        # Deep copy so the shared template is never mutated between devices.
        reset = copy.deepcopy(self.basic_network_acl)
        reset['device'] = name
        self.update_config(reset)
    return ip.count_fw_rules()