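def setup_ufw():
    """Setup UFW firewall to ensure only swift-storage clients and storage
    peers have access to the swift daemons.

    Every storage peer (taken from the rsync ``allowed_hosts`` list) and
    every swift-proxy client (units of the ``swift-storage`` relation) is
    granted access to the object/container/account server ports; a
    ``reject`` rule for those ports is then added so any other source is
    refused.

    :side effect: calls several external functions
    :return: None
    """

    if not config('enable-firewall'):
        log("Firewall has been administratively disabled", "DEBUG")
        return

    ports = [config('object-server-port'),
             config('container-server-port'),
             config('account-server-port')]

    # Storage peers.  str.split() with no separator drops empty fields, so
    # an empty or multi-space allowed_hosts string no longer produces ''
    # entries that would otherwise be handed to grant_access().
    allowed_hosts = RsyncContext()().get('allowed_hosts', '').split()

    # Storage clients (swift-proxy)
    allowed_hosts += [get_host_ip(ingress_address(rid=u.rid, unit=u.unit))
                      for u in iter_units_for_relation_name('swift-storage')]

    # A host may be both a peer and a client; add each allow rule once,
    # keeping the original order, and skip empty/None hosts.
    seen = set()
    unique_hosts = []
    for host in allowed_hosts:
        if host and host not in seen:
            seen.add(host)
            unique_hosts.append(host)

    # Grant access for peers and clients
    for host in unique_hosts:
        for port in ports:
            grant_access(host, port)

    # Default deny for storage ports.  Added after the grants so the allow
    # rules sit before the reject rule in ufw's ordered rule list.
    for port in ports:
        ufw.modify_access(src=None, dst='any', port=port,
                          proto='tcp', action='reject')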
 def test_modify_access_delete_index(self, popen, log, is_enabled):
     """A delete by rule index is expected to spawn ``ufw --force delete 42``."""
     is_enabled.return_value = True
     # Fake process whose communicate() succeeds with returncode 0.
     proc = mock.Mock(returncode=0,
                      **{'communicate.return_value': ('stdout', 'stderr')})
     popen.return_value = proc

     ufw.modify_access(None, dst=None, action='delete', index=42)

     expected_cmd = ['ufw', '--force', 'delete', '42']
     popen.assert_any_call(expected_cmd, stdout=subprocess.PIPE)
 def test_modify_access_comment(self, popen, log, is_enabled):
     """The ``comment`` argument is expected to be appended to the ufw command."""
     is_enabled.return_value = True
     # Fake process whose communicate() succeeds with returncode 0.
     proc = mock.Mock(returncode=0,
                      **{'communicate.return_value': ('stdout', 'stderr')})
     popen.return_value = proc

     ufw.modify_access('127.0.0.1', dst='127.0.0.1', port='80',
                       comment='No comment')

     expected_cmd = ['ufw', 'allow',
                     'from', '127.0.0.1',
                     'to', '127.0.0.1',
                     'port', '80',
                     'comment', 'No comment']
     popen.assert_any_call(expected_cmd, stdout=subprocess.PIPE)
    def test_modify_access_allow_set_port(self, popen, log, is_enabled):
        """An allow rule with only a port is expected to target ``any`` and be logged."""
        is_enabled.return_value = True
        # Fake process whose communicate() succeeds with returncode 0.
        proc = mock.Mock(returncode=0,
                         **{'communicate.return_value': ('stdout', 'stderr')})
        popen.return_value = proc

        ufw.modify_access('127.0.0.1', port='80')

        expected_cmd = ['ufw', 'allow', 'from', '127.0.0.1', 'to',
                        'any', 'port', '80']
        popen.assert_any_call(expected_cmd, stdout=subprocess.PIPE)

        # Both the command being run and the process stdout are logged.
        expected_msg = 'ufw allow: ufw allow from 127.0.0.1 to any port 80'
        log.assert_any_call(expected_msg, level='DEBUG')
        log.assert_any_call('stdout', level='INFO')
 def test_modify_access_ufw_is_disabled(self, check_output, log,
                                        is_enabled):
     """With ufw disabled, modify_access() is expected to only log a warning."""
     is_enabled.return_value = False

     ufw.modify_access('127.0.0.1')

     expected_msg = 'ufw is disabled, skipping modify_access()'
     log.assert_any_call(expected_msg, level='WARN')