def test_ensure_common_chain():
with mock.patch.object(iptables, 'ensure_chain', autospec=True) as m:
firewall._ensure_common_chain()
call, = m.call_args_list
args, _ = call
assert args[0] == 'PAASTA-COMMON'
assert args[1] == (
EMPTY_RULE._replace(
target='ACCEPT',
matches=(
('conntrack', (('ctstate', ('ESTABLISHED',)),)),
),
),
EMPTY_RULE._replace(
dst='169.254.255.254/255.255.255.255',
target='ACCEPT',
protocol='tcp',
matches=(
('comment', (('comment', ('scribed',)),)),
('tcp', (('dport', ('1463',)),)),
),
),
EMPTY_RULE._replace(
dst='169.254.255.254/255.255.255.255',
target='ACCEPT',
protocol='udp',
matches=(
('comment', (('comment', ('metrics-relay',)),)),
('udp', (('dport', ('8125',)),)),
),
),
EMPTY_RULE._replace(
dst='169.254.255.254/255.255.255.255',
target='ACCEPT',
protocol='tcp',
matches=(
('comment', (('comment', ('sensu',)),)),
('tcp', (('dport', ('3030',)),)),
),
),
EMPTY_RULE._replace(target='PAASTA-DNS'),
)
def test_ensure_common_chain():
with mock.patch.object(iptables, "ensure_chain", autospec=True) as m:
firewall._ensure_common_chain()
(call, ) = m.call_args_list
args, _ = call
assert args[0] == "PAASTA-COMMON"
assert args[1] == (
EMPTY_RULE._replace(target="ACCEPT",
matches=(("conntrack",
(("ctstate", ("ESTABLISHED", )), )), )),
EMPTY_RULE._replace(
dst="169.254.255.254/255.255.255.255",
target="ACCEPT",
protocol="tcp",
matches=(
("comment", (("comment", ("scribed", )), )),
("tcp", (("dport", ("1463", )), )),
),
),
EMPTY_RULE._replace(
dst="169.254.255.254/255.255.255.255",
target="ACCEPT",
protocol="udp",
matches=(
("comment", (("comment", ("metrics-relay", )), )),
("udp", (("dport", ("8125", )), )),
),
),
EMPTY_RULE._replace(
dst="169.254.255.254/255.255.255.255",
target="ACCEPT",
protocol="tcp",
matches=(
("comment", (("comment", ("sensu", )), )),
("tcp", (("dport", ("3030", )), )),
),
),
EMPTY_RULE._replace(target="PAASTA-DNS"),
)