コード例 #1
0
    def check_acl(self, list):
        clear1 = self.clear_all_acls()
        clear2 = self.clear_all_acls()
        assert clear1 == clear2, "Clear all acls called twice and produced different results"
        unique = {}

        # How many unique devices
        for ips in list:
            unique["eth%s" % ips["nic_dev_id"]] = 1

        # If this is the first run, the drops will not be there yet
        # this is so I can get get a true count of what is explicitly added
        drops = len(unique)
        for dev in unique:
            drops -= ip.count_fw_rules('ACL_INBOUND_%s -j DROP' % dev)

        for ips in list:
            config = copy.deepcopy(self.basic_network_acl)
            config['device'] = "eth%s" % ips["nic_dev_id"]
            config['nic_ip'] = ips["public_ip"]
            for rule in self.basic_acl_rules:
                config['ingress_rules'].append(rule)
                config['egress_rules'].append(rule)
            self.update_config(config)

        # Check the default drop rules are there
        for dev in unique:
            drop = ip.count_fw_rules('ACL_INBOUND_%s -j DROP' % dev)
            assert drop == 1, "ACL_INBOUND_%s does not have a default drop rule" % dev

        after = ip.count_fw_rules()
        # How many new acls should we get?
        # The number of rules * the number of devices * 2 (in and out)
        expected = len(unique) * 2 * len(self.basic_acl_rules) + clear2 + drops
        assert expected == after, "Number of acl rules does not match what I expected to see"
        for dev in range(6):
            config = copy.deepcopy(self.basic_network_acl)
            config['device'] = "eth%s" % dev
            self.update_config(config)
        clear2 = self.clear_all_acls() - drops
        assert clear1 == clear2, "Clear all acls appears to have failed"
コード例 #2
0
 def clear_all_acls(self):
     for dev in range(6):
         config = copy.deepcopy(self.basic_network_acl)
         config['device'] = "eth%s" % dev
         self.update_config(config)
     return ip.count_fw_rules()