def firewall_config_task_disable_with_options_test(self, execInSysroot): """Test the Firewall configuration task - disable with options.""" with tempfile.TemporaryDirectory() as sysroot: os.makedirs(os.path.join(sysroot, "usr/bin")) os.mknod(os.path.join(sysroot, "usr/bin/firewall-offline-cmd")) self.assertTrue( os.path.exists( os.path.join(sysroot, "usr/bin/firewall-offline-cmd"))) task = ConfigureFirewallTask( sysroot=sysroot, firewall_mode=FirewallMode.DISABLED, enabled_services=["smnp"], disabled_services=["tftp"], enabled_ports=["22001:tcp", "6400:udp"], trusts=["eth1"]) task.run() # even in disable mode, we still forward all the options to firewall-offline-cmd execInSysroot.assert_called_once_with( '/usr/bin/firewall-offline-cmd', [ '--disabled', '--service=ssh', '--trust=eth1', '--port=22001:tcp', '--port=6400:udp', '--remove-service=tftp', '--service=smnp' ], root=sysroot)
def firewall_config_task_default_missing_tool_test(self, execInSysroot): """Test the Firewall configuration task - default & missing firewall-offline-cmd""" with tempfile.TemporaryDirectory() as sysroot: # no firewall-offline-cmd in the sysroot os.makedirs(os.path.join(sysroot, "usr/bin")) task = ConfigureFirewallTask(sysroot=sysroot, firewall_mode=FirewallMode.DEFAULT, enabled_services=[], disabled_services=[], enabled_ports=[], trusts=[]) # should not raise an exception task.run() # should not call execInSysroot execInSysroot.assert_not_called()
def firewall_config_task_use_system_defaults_test(self, execInSysroot): """Test the Firewall configuration task - use system defaults.""" with tempfile.TemporaryDirectory() as sysroot: os.makedirs(os.path.join(sysroot, "usr/bin")) os.mknod(os.path.join(sysroot, "usr/bin/firewall-offline-cmd")) self.assertTrue( os.path.exists( os.path.join(sysroot, "usr/bin/firewall-offline-cmd"))) task = ConfigureFirewallTask( sysroot=sysroot, firewall_mode=FirewallMode.USE_SYSTEM_DEFAULTS, enabled_services=[], disabled_services=[], enabled_ports=[], trusts=[]) task.run() # firewall-offline-cmd should not be called in use-system-defaults mode execInSysroot.assert_not_called()
def firewall_config_task_default_test(self, execInSysroot): """Test the Firewall configuration task - default.""" with tempfile.TemporaryDirectory() as sysroot: os.makedirs(os.path.join(sysroot, "usr/bin")) os.mknod(os.path.join(sysroot, "usr/bin/firewall-offline-cmd")) self.assertTrue( os.path.exists( os.path.join(sysroot, "usr/bin/firewall-offline-cmd"))) task = ConfigureFirewallTask(sysroot=sysroot, firewall_mode=FirewallMode.DEFAULT, enabled_services=[], disabled_services=[], enabled_ports=[], trusts=[]) task.run() execInSysroot.assert_called_once_with( '/usr/bin/firewall-offline-cmd', ['--enabled', '--service=ssh'], root=sysroot)
def firewall_config_task_enable_disable_service_test(self, execInSysroot): """Test the Firewall configuration task - test enabling & disabling the same service""" with tempfile.TemporaryDirectory() as sysroot: os.makedirs(os.path.join(sysroot, "usr/bin")) os.mknod(os.path.join(sysroot, "usr/bin/firewall-offline-cmd")) self.assertTrue( os.path.exists( os.path.join(sysroot, "usr/bin/firewall-offline-cmd"))) task = ConfigureFirewallTask(sysroot=sysroot, firewall_mode=FirewallMode.ENABLED, enabled_services=["tftp"], disabled_services=["tftp"], enabled_ports=[], trusts=[]) task.run() execInSysroot.assert_called_once_with( '/usr/bin/firewall-offline-cmd', [ '--enabled', '--service=ssh', '--remove-service=tftp', '--service=tftp' ], root=sysroot)