Python ensure_rule示例

示例#1

def test_ensure_rule_already_exists():
    with mock.patch.object(
        iptables, 'list_chain', return_value=(
            EMPTY_RULE._replace(target='DROP'),
            EMPTY_RULE._replace(src='10.0.0.0/255.255.255.0'),
        ),
    ), mock.patch.object(
        iptables, 'insert_rule', autospec=True,
    ) as mock_insert_rule:
        iptables.ensure_rule(
            'PAASTA.service', EMPTY_RULE._replace(target='DROP'),
        )

    assert mock_insert_rule.called is False

示例#2

文件： test_iptables.py 项目： zaitsevlab/paasta

def test_ensure_rule_already_exists():
    with mock.patch.object(
            iptables,
            "list_chain",
            return_value=(
                EMPTY_RULE._replace(target="DROP"),
                EMPTY_RULE._replace(src="10.0.0.0/255.255.255.0"),
            ),
    ), mock.patch.object(iptables, "insert_rule",
                         autospec=True) as mock_insert_rule:
        iptables.ensure_rule("PAASTA.service",
                             EMPTY_RULE._replace(target="DROP"))

    assert mock_insert_rule.called is False

示例#3

def test_ensure_rule_does_not_exist():
    with mock.patch.object(
        iptables, 'list_chain', return_value=(
            EMPTY_RULE._replace(target='ACCEPT'),
            EMPTY_RULE._replace(src='10.0.0.0/255.255.255.0'),
        ),
    ), mock.patch.object(
        iptables, 'insert_rule', autospec=True,
    ) as mock_insert_rule:
        iptables.ensure_rule(
            'PAASTA.service', EMPTY_RULE._replace(target='DROP'),
        )

    assert mock_insert_rule.mock_calls == [
        mock.call('PAASTA.service', EMPTY_RULE._replace(target='DROP')),
    ]

示例#4

文件： test_iptables.py 项目： zaitsevlab/paasta

def test_ensure_rule_does_not_exist():
    with mock.patch.object(
            iptables,
            "list_chain",
            return_value=(
                EMPTY_RULE._replace(target="ACCEPT"),
                EMPTY_RULE._replace(src="10.0.0.0/255.255.255.0"),
            ),
    ), mock.patch.object(iptables, "insert_rule",
                         autospec=True) as mock_insert_rule:
        iptables.ensure_rule("PAASTA.service",
                             EMPTY_RULE._replace(target="DROP"))

    assert mock_insert_rule.mock_calls == [
        mock.call("PAASTA.service", EMPTY_RULE._replace(target="DROP"))
    ]

示例#5

def ensure_dispatch_chains(service_chains):
    paasta_rules = set(
        itertools.chain.from_iterable(
            (dispatch_rule(chain, mac) for mac in macs)
            for chain, macs in service_chains.items()))
    iptables.ensure_chain('PAASTA', paasta_rules)

    jump_to_paasta = iptables.Rule(
        protocol='ip',
        src='0.0.0.0/0.0.0.0',
        dst='0.0.0.0/0.0.0.0',
        target='PAASTA',
        matches=(),
        target_parameters=(),
    )
    iptables.ensure_rule('INPUT', jump_to_paasta)
    iptables.ensure_rule('FORWARD', jump_to_paasta)

示例#6

文件： firewall.py 项目： eric-erki/An-open-distributed-platform-as-a-service

def ensure_dispatch_chains(service_chains):
    paasta_rules = set(
        itertools.chain.from_iterable(
            (dispatch_rule(chain, mac) for mac in macs)
            for chain, macs in service_chains.items()))
    iptables.ensure_chain("PAASTA", paasta_rules)

    jump_to_paasta = iptables.Rule(
        protocol="ip",
        src="0.0.0.0/0.0.0.0",
        dst="0.0.0.0/0.0.0.0",
        target="PAASTA",
        matches=(),
        target_parameters=(),
    )
    iptables.ensure_rule("INPUT", jump_to_paasta)
    iptables.ensure_rule("FORWARD", jump_to_paasta)