def test_insert_rule(mock_Table, mock_Chain):
iptables.insert_rule("PAASTA.service", EMPTY_RULE._replace(target="DROP"))
call, = mock_Chain("filter", "PAASTA.service").insert_rule.call_args_list
args, kwargs = call
rule, = args
assert iptables.Rule.from_iptc(rule) == EMPTY_RULE._replace(target="DROP")
def prepare_new_container(soa_dir, synapse_service_dir, service, instance, mac):
"""Update iptables to include rules for a new (not yet running) MAC address
"""
ensure_shared_chains() # probably already set, but just to be safe
service_group = ServiceGroup(service, instance)
service_group.update_rules(soa_dir, synapse_service_dir)
iptables.insert_rule("PAASTA", dispatch_rule(service_group.chain_name, mac))
def test_insert_rule(mock_Table, mock_Chain):
iptables.insert_rule(
'PAASTA.service', EMPTY_RULE._replace(target='DROP'),
)
call, = mock_Chain('filter', 'PAASTA.service').insert_rule.call_args_list
args, kwargs = call
rule, = args
assert iptables.Rule.from_iptc(rule) == EMPTY_RULE._replace(target='DROP')
