def test_prepare_new_container(insert_rule_mock, ensure_chain_mock, reorder_chain_mock, get_rules_mock): firewall.prepare_new_container( DEFAULT_SOA_DIR, firewall.DEFAULT_SYNAPSE_SERVICE_DIR, 'myservice', 'myinstance', '00:00:00:00:00:00', ) assert ensure_chain_mock.mock_calls == [ mock.call('PAASTA-DNS', mock.ANY), mock.call('PAASTA-INTERNET', mock.ANY), mock.call('PAASTA-COMMON', mock.ANY), mock.call('PAASTA.myservice.7e8522249a', mock.sentinel.RULES), ] assert reorder_chain_mock.mock_calls == [ mock.call('PAASTA.myservice.7e8522249a'), ] assert insert_rule_mock.mock_calls == [ mock.call( 'PAASTA', EMPTY_RULE._replace( target='PAASTA.myservice.7e8522249a', matches=(('mac', (('mac-source', ('00:00:00:00:00:00', )), )), ), ), ), ]
def add_firewall(argv, service, instance): output = '' try: mac_address, lockfile = reserve_unique_mac_address(LOCK_DIRECTORY) except Exception as e: output = f'Unable to add mac address: {e}' else: argv = add_argument(argv, f'--mac-address={mac_address}') try: with firewall_flock(): prepare_new_container( DEFAULT_SOA_DIR, DEFAULT_SYNAPSE_SERVICE_DIR, service, instance, mac_address, ) except Exception as e: output = f'Unable to add firewall rules: {e}' if output: print(output, file=sys.stderr) return argv
def test_prepare_new_container(insert_rule_mock, ensure_chain_mock, reorder_chain_mock, get_rules_mock): firewall.prepare_new_container( DEFAULT_SOA_DIR, firewall.DEFAULT_SYNAPSE_SERVICE_DIR, "myservice", "myinstance", "00:00:00:00:00:00", ) assert ensure_chain_mock.mock_calls == [ mock.call("PAASTA-DNS", mock.ANY), mock.call("PAASTA-INTERNET", mock.ANY), mock.call("PAASTA-COMMON", mock.ANY), mock.call("PAASTA.myservice.7e8522249a", mock.sentinel.RULES), ] assert reorder_chain_mock.mock_calls == [ mock.call("PAASTA.myservice.7e8522249a") ] assert insert_rule_mock.mock_calls == [ mock.call( "PAASTA", EMPTY_RULE._replace( target="PAASTA.myservice.7e8522249a", matches=(("mac", (("mac-source", ("00:00:00:00:00:00", )), )), ), ), ) ]