def test_snat_extra_rule(self):
"""Tests SNAT setup when rule needs to be removed.
"""
# Disable protected-access: Test access protected members.
# pylint: disable=protected-access
treadmill.iptables._get_current_snat_rules.return_value = (
self.snat_rules |
set([
firewall.SNATRule('tcp',
'172.31.81.67', 5004,
'192.168.2.15', 22),
])
)
desired_rules = (
self.snat_rules
)
iptables.configure_snat_rules(
desired_rules,
iptables.PREROUTING_DNAT
)
self.assertEqual(0, treadmill.iptables.add_snat_rule.call_count)
treadmill.iptables.delete_snat_rule.assert_called_with(
firewall.SNATRule('tcp',
'172.31.81.67', 5004,
'192.168.2.15', 22),
chain=iptables.PREROUTING_DNAT
)
def test_snat_missing_rule(self):
"""Tests DNAT setup when new rule needs to be created.
"""
# Disable W0212: Test access protected members.
# pylint: disable=W0212
treadmill.iptables._get_current_snat_rules.return_value = \
self.snat_rules
desired_rules = (
self.snat_rules |
set([
firewall.SNATRule('tcp',
'172.31.81.67', 5004,
'192.168.2.15', 22),
])
)
iptables.configure_snat_rules(
desired_rules,
iptables.POSTROUTING_SNAT
)
treadmill.iptables.add_snat_rule.assert_called_with(
firewall.SNATRule('tcp',
'172.31.81.67', 5004,
'192.168.2.15', 22),
chain=iptables.POSTROUTING_SNAT
)
self.assertEquals(0, treadmill.iptables.delete_snat_rule.call_count)
def test_snat_up_to_date(self):
"""Tests SNAT setup when configuration is up to date.
"""
# Disable protected-access: Test access protected members.
# pylint: disable=protected-access
treadmill.iptables._get_current_snat_rules.return_value = \
self.snat_rules
iptables.configure_snat_rules(self.snat_rules,
iptables.POSTROUTING_SNAT)
self.assertEqual(0, treadmill.iptables.add_snat_rule.call_count)
self.assertEqual(0, treadmill.iptables.delete_snat_rule.call_count)
