def firewall_config_task_disable_with_options_test(self, execInSysroot):
"""Test the Firewall configuration task - disable with options."""
with tempfile.TemporaryDirectory() as sysroot:
os.makedirs(os.path.join(sysroot, "usr/bin"))
os.mknod(os.path.join(sysroot, "usr/bin/firewall-offline-cmd"))
self.assertTrue(
os.path.exists(
os.path.join(sysroot, "usr/bin/firewall-offline-cmd")))
task = ConfigureFirewallTask(
sysroot=sysroot,
firewall_mode=FirewallMode.DISABLED,
enabled_services=["smnp"],
disabled_services=["tftp"],
enabled_ports=["22001:tcp", "6400:udp"],
trusts=["eth1"])
task.run()
# even in disable mode, we still forward all the options to firewall-offline-cmd
execInSysroot.assert_called_once_with(
'/usr/bin/firewall-offline-cmd', [
'--disabled', '--service=ssh', '--trust=eth1',
'--port=22001:tcp', '--port=6400:udp',
'--remove-service=tftp', '--service=smnp'
],
root=sysroot)
def firewall_config_task_default_missing_tool_test(self, execInSysroot):
"""Test the Firewall configuration task - default & missing firewall-offline-cmd"""
with tempfile.TemporaryDirectory() as sysroot:
# no firewall-offline-cmd in the sysroot
os.makedirs(os.path.join(sysroot, "usr/bin"))
task = ConfigureFirewallTask(sysroot=sysroot,
firewall_mode=FirewallMode.DEFAULT,
enabled_services=[],
disabled_services=[],
enabled_ports=[],
trusts=[])
# should not raise an exception
task.run()
# should not call execInSysroot
execInSysroot.assert_not_called()
def install_with_task(self):
"""Return the installation task of this module.
:returns: an installation task
"""
return ConfigureFirewallTask(sysroot=conf.target.system_root,
firewall_mode=self.firewall_mode,
enabled_services=self.enabled_services,
disabled_services=self.disabled_services,
enabled_ports=self.enabled_ports,
trusts=self.trusts)
def firewall_config_task_use_system_defaults_test(self, execInSysroot):
"""Test the Firewall configuration task - use system defaults."""
with tempfile.TemporaryDirectory() as sysroot:
os.makedirs(os.path.join(sysroot, "usr/bin"))
os.mknod(os.path.join(sysroot, "usr/bin/firewall-offline-cmd"))
self.assertTrue(
os.path.exists(
os.path.join(sysroot, "usr/bin/firewall-offline-cmd")))
task = ConfigureFirewallTask(
sysroot=sysroot,
firewall_mode=FirewallMode.USE_SYSTEM_DEFAULTS,
enabled_services=[],
disabled_services=[],
enabled_ports=[],
trusts=[])
task.run()
# firewall-offline-cmd should not be called in use-system-defaults mode
execInSysroot.assert_not_called()
def firewall_config_task_default_test(self, execInSysroot):
"""Test the Firewall configuration task - default."""
with tempfile.TemporaryDirectory() as sysroot:
os.makedirs(os.path.join(sysroot, "usr/bin"))
os.mknod(os.path.join(sysroot, "usr/bin/firewall-offline-cmd"))
self.assertTrue(
os.path.exists(
os.path.join(sysroot, "usr/bin/firewall-offline-cmd")))
task = ConfigureFirewallTask(sysroot=sysroot,
firewall_mode=FirewallMode.DEFAULT,
enabled_services=[],
disabled_services=[],
enabled_ports=[],
trusts=[])
task.run()
execInSysroot.assert_called_once_with(
'/usr/bin/firewall-offline-cmd',
['--enabled', '--service=ssh'],
root=sysroot)
def firewall_config_task_enable_disable_service_test(self, execInSysroot):
"""Test the Firewall configuration task - test enabling & disabling the same service"""
with tempfile.TemporaryDirectory() as sysroot:
os.makedirs(os.path.join(sysroot, "usr/bin"))
os.mknod(os.path.join(sysroot, "usr/bin/firewall-offline-cmd"))
self.assertTrue(
os.path.exists(
os.path.join(sysroot, "usr/bin/firewall-offline-cmd")))
task = ConfigureFirewallTask(sysroot=sysroot,
firewall_mode=FirewallMode.ENABLED,
enabled_services=["tftp"],
disabled_services=["tftp"],
enabled_ports=[],
trusts=[])
task.run()
execInSysroot.assert_called_once_with(
'/usr/bin/firewall-offline-cmd', [
'--enabled', '--service=ssh', '--remove-service=tftp',
'--service=tftp'
],
root=sysroot)
def install_with_task(self):
"""Return the installation tasks of this module.
:returns: list of object paths of installation tasks
"""
firewall_configuration_task = ConfigureFirewallTask(
sysroot=conf.target.system_root,
firewall_mode=self.firewall_mode,
enabled_services=self.enabled_services,
disabled_services=self.disabled_services,
enabled_ports=self.enabled_ports,
trusts=self.trusts)
return self.publish_task(FIREWALL.namespace,
firewall_configuration_task)
