def test_in_namespace_enter_failed(self):
self.setns_mock.side_effect = ValueError
with testtools.ExpectedException(ValueError):
with utils.in_namespace(self.NEW_NETNS):
self.fail('It should fail before we reach this code')
self.setns_mock.assert_called_once_with(self.NEW_NETNS)
def test_in_namespace_enter_failed(self):
self.setns_mock.side_effect = ValueError
with testtools.ExpectedException(ValueError):
with utils.in_namespace(self.NEW_NETNS):
self.fail('It should fail before we reach this code')
self.setns_mock.assert_called_once_with(self.NEW_NETNS)
self.close_mock.assert_called_once_with(self.ORG_NETNS_FD)
def test_in_namespace_failed(self):
with testtools.ExpectedException(ValueError):
with utils.in_namespace(self.NEW_NETNS):
self.setns_mock.assert_called_once_with(self.NEW_NETNS)
raise ValueError
setns_calls = [mock.call(self.NEW_NETNS), mock.call(self.ORG_NETNS_FD)]
self.setns_mock.assert_has_calls(setns_calls)
def test_in_namespace(self):
with utils.in_namespace(self.NEW_NETNS):
self.setns_mock.assert_called_once_with(self.NEW_NETNS)
setns_calls = [mock.call(self.ORG_NETNS_FD)]
close_calls = [mock.call(self.ORG_NETNS_FD)]
self.setns_mock.assert_has_calls(setns_calls)
self.close_mock.assert_has_calls(close_calls)
def test_in_namespace_failed(self):
with testtools.ExpectedException(ValueError):
with utils.in_namespace(self.NEW_NETNS):
self.setns_mock.assert_called_once_with(self.NEW_NETNS)
raise ValueError
setns_calls = [mock.call(self.ORG_NETNS_FD)]
close_calls = [mock.call(self.ORG_NETNS_FD)]
self.setns_mock.assert_has_calls(setns_calls)
self.close_mock.assert_has_calls(close_calls)
def flush_entries(namespace=None):
"""Delete all conntrack entries
:param namespace: namespace to delete conntrack entries
:return: None
"""
with fwaas_utils.in_namespace(namespace):
for ipversion in IP_VERSIONS:
with ConntrackManager(nl_constants.IPVERSION_SOCKET[ipversion]) \
as conntrack:
conntrack.flush_entries()
def delete_entries(entries, namespace=None):
"""Delete selected entries
:param entries: list of parsed (as tuple) entries to delete
:param namespace: namespace to delete conntrack entries
:return: None
"""
entry_args = []
for entry in entries:
entry_arg = {'ipversion': entry[0], 'protocol': entry[1]}
for idx, attr in enumerate(ATTR_POSITIONS[entry_arg['protocol']]):
entry_arg[attr[0]] = entry[idx + 2]
entry_args.append(entry_arg)
with fwaas_utils.in_namespace(namespace):
with ConntrackManager() as conntrack:
conntrack.delete_entries(entry_args)
def list_entries(namespace=None):
"""List and parse all conntrack entries
:param namespace: namespace to get conntrack entries
:return: sorted list of conntrack entries in Python tuple
example: [(4, 'icmp', '8', '0', '1.1.1.1', '2.2.2.2', '1234'),
(4, 'tcp', '1', '2', '1.1.1.1', '2.2.2.2')]
"""
parsed_entries = []
with fwaas_utils.in_namespace(namespace):
for ipversion in IP_VERSIONS:
with ConntrackManager(nl_constants.IPVERSION_SOCKET[ipversion]) \
as conntrack:
raw_entries = conntrack.list_entries()
for raw_entry in raw_entries:
parsed_entry = _parse_entry(raw_entry.split(), ipversion)
parsed_entries.append(parsed_entry)
return sorted(parsed_entries)
def run_nflog(namespace=None, group=0):
"""Run a nflog process under a namespace
This process will listen nflog packets, which are sent from kernel to
userspace. Then it decode these packets and send it to IPC address for log
application.
"""
with fwaas_utils.in_namespace(namespace):
try:
handle = NFLogWrapper.get_instance()
handle.open()
handle.bind_group(group)
pid = handle.start()
except Exception:
with excutils.save_and_reraise_exception():
LOG.exception("NFLOG thread died of an exception")
try:
handle.unbind_group(group)
handle.close()
except Exception:
pass
return pid
def get_in_namespace_interfaces(namespace):
before = list_interface_names()
with utils.in_namespace(namespace):
inside = list_interface_names()
after = list_interface_names()
return before, inside, after
def test_in_namespace_exit_failed(self):
self.setns_mock.side_effect = [self.NEW_NETNS_FD, ValueError]
with testtools.ExpectedException(utils.BackInNamespaceExit):
with utils.in_namespace(self.NEW_NETNS):
pass
def test_in_no_namespace(self):
for namespace in ('', None):
with utils.in_namespace(namespace):
pass
self.setns_mock.assert_not_called()
self.close_mock.assert_not_called()
def get_in_namespace_netns_inodes(namespace):
before = get_my_netns_inode()
with utils.in_namespace(namespace):
inside = get_my_netns_inode()
after = get_my_netns_inode()
return before, inside, after
def test_in_namespace_exit_failed(self):
self.setns_mock.side_effect = [self.NEW_NETNS_FD, ValueError]
with testtools.ExpectedException(utils.BackInNamespaceExit):
with utils.in_namespace(self.NEW_NETNS):
pass
def test_in_no_namespace(self):
for namespace in ('', None):
with utils.in_namespace(namespace):
pass
self.setns_mock.assert_not_called()
self.close_mock.assert_not_called()
def test_in_namespace(self):
with utils.in_namespace(self.NEW_NETNS):
self.setns_mock.assert_called_once_with(self.NEW_NETNS)
setns_calls = [mock.call(self.NEW_NETNS), mock.call(self.ORG_NETNS_FD)]
self.setns_mock.assert_has_calls(setns_calls)
