|
|
@ -171,8 +171,8 @@ class TestIptables(ModuleTestCase):
|
|
|
|
})
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
|
|
commands_results = [
|
|
|
|
commands_results = [
|
|
|
|
(1, '', ''),
|
|
|
|
(1, '', ''), # check_rule_present
|
|
|
|
(0, '', '')
|
|
|
|
(0, '', ''), # check_chain_present
|
|
|
|
]
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
|
|
with patch.object(basic.AnsibleModule, 'run_command') as run_command:
|
|
|
|
with patch.object(basic.AnsibleModule, 'run_command') as run_command:
|
|
|
@ -181,7 +181,7 @@ class TestIptables(ModuleTestCase):
|
|
|
|
iptables.main()
|
|
|
|
iptables.main()
|
|
|
|
self.assertTrue(result.exception.args[0]['changed'])
|
|
|
|
self.assertTrue(result.exception.args[0]['changed'])
|
|
|
|
|
|
|
|
|
|
|
|
self.assertEqual(run_command.call_count, 1)
|
|
|
|
self.assertEqual(run_command.call_count, 2)
|
|
|
|
self.assertEqual(run_command.call_args_list[0][0][0], [
|
|
|
|
self.assertEqual(run_command.call_args_list[0][0][0], [
|
|
|
|
'/sbin/iptables',
|
|
|
|
'/sbin/iptables',
|
|
|
|
'-t',
|
|
|
|
'-t',
|
|
|
@ -207,8 +207,9 @@ class TestIptables(ModuleTestCase):
|
|
|
|
})
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
|
|
commands_results = [
|
|
|
|
commands_results = [
|
|
|
|
(1, '', ''),
|
|
|
|
(1, '', ''), # check_rule_present
|
|
|
|
(0, '', '')
|
|
|
|
(0, '', ''), # check_chain_present
|
|
|
|
|
|
|
|
(0, '', ''),
|
|
|
|
]
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
|
|
with patch.object(basic.AnsibleModule, 'run_command') as run_command:
|
|
|
|
with patch.object(basic.AnsibleModule, 'run_command') as run_command:
|
|
|
@ -217,7 +218,7 @@ class TestIptables(ModuleTestCase):
|
|
|
|
iptables.main()
|
|
|
|
iptables.main()
|
|
|
|
self.assertTrue(result.exception.args[0]['changed'])
|
|
|
|
self.assertTrue(result.exception.args[0]['changed'])
|
|
|
|
|
|
|
|
|
|
|
|
self.assertEqual(run_command.call_count, 2)
|
|
|
|
self.assertEqual(run_command.call_count, 3)
|
|
|
|
self.assertEqual(run_command.call_args_list[0][0][0], [
|
|
|
|
self.assertEqual(run_command.call_args_list[0][0][0], [
|
|
|
|
'/sbin/iptables',
|
|
|
|
'/sbin/iptables',
|
|
|
|
'-t',
|
|
|
|
'-t',
|
|
|
@ -231,7 +232,7 @@ class TestIptables(ModuleTestCase):
|
|
|
|
'-j',
|
|
|
|
'-j',
|
|
|
|
'ACCEPT'
|
|
|
|
'ACCEPT'
|
|
|
|
])
|
|
|
|
])
|
|
|
|
self.assertEqual(run_command.call_args_list[1][0][0], [
|
|
|
|
self.assertEqual(run_command.call_args_list[2][0][0], [
|
|
|
|
'/sbin/iptables',
|
|
|
|
'/sbin/iptables',
|
|
|
|
'-t',
|
|
|
|
'-t',
|
|
|
|
'filter',
|
|
|
|
'filter',
|
|
|
@ -261,7 +262,8 @@ class TestIptables(ModuleTestCase):
|
|
|
|
})
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
|
|
commands_results = [
|
|
|
|
commands_results = [
|
|
|
|
(1, '', ''),
|
|
|
|
(1, '', ''), # check_rule_present
|
|
|
|
|
|
|
|
(0, '', ''), # check_chain_present
|
|
|
|
]
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
|
|
with patch.object(basic.AnsibleModule, 'run_command') as run_command:
|
|
|
|
with patch.object(basic.AnsibleModule, 'run_command') as run_command:
|
|
|
@ -270,7 +272,7 @@ class TestIptables(ModuleTestCase):
|
|
|
|
iptables.main()
|
|
|
|
iptables.main()
|
|
|
|
self.assertTrue(result.exception.args[0]['changed'])
|
|
|
|
self.assertTrue(result.exception.args[0]['changed'])
|
|
|
|
|
|
|
|
|
|
|
|
self.assertEqual(run_command.call_count, 1)
|
|
|
|
self.assertEqual(run_command.call_count, 2)
|
|
|
|
self.assertEqual(run_command.call_args_list[0][0][0], [
|
|
|
|
self.assertEqual(run_command.call_args_list[0][0][0], [
|
|
|
|
'/sbin/iptables',
|
|
|
|
'/sbin/iptables',
|
|
|
|
'-t',
|
|
|
|
'-t',
|
|
|
@ -308,8 +310,9 @@ class TestIptables(ModuleTestCase):
|
|
|
|
})
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
|
|
commands_results = [
|
|
|
|
commands_results = [
|
|
|
|
(1, '', ''),
|
|
|
|
(1, '', ''), # check_rule_present
|
|
|
|
(0, '', '')
|
|
|
|
(0, '', ''), # check_chain_present
|
|
|
|
|
|
|
|
(0, '', ''),
|
|
|
|
]
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
|
|
with patch.object(basic.AnsibleModule, 'run_command') as run_command:
|
|
|
|
with patch.object(basic.AnsibleModule, 'run_command') as run_command:
|
|
|
@ -318,7 +321,7 @@ class TestIptables(ModuleTestCase):
|
|
|
|
iptables.main()
|
|
|
|
iptables.main()
|
|
|
|
self.assertTrue(result.exception.args[0]['changed'])
|
|
|
|
self.assertTrue(result.exception.args[0]['changed'])
|
|
|
|
|
|
|
|
|
|
|
|
self.assertEqual(run_command.call_count, 2)
|
|
|
|
self.assertEqual(run_command.call_count, 3)
|
|
|
|
self.assertEqual(run_command.call_args_list[0][0][0], [
|
|
|
|
self.assertEqual(run_command.call_args_list[0][0][0], [
|
|
|
|
'/sbin/iptables',
|
|
|
|
'/sbin/iptables',
|
|
|
|
'-t',
|
|
|
|
'-t',
|
|
|
@ -340,7 +343,7 @@ class TestIptables(ModuleTestCase):
|
|
|
|
'--to-ports',
|
|
|
|
'--to-ports',
|
|
|
|
'8600'
|
|
|
|
'8600'
|
|
|
|
])
|
|
|
|
])
|
|
|
|
self.assertEqual(run_command.call_args_list[1][0][0], [
|
|
|
|
self.assertEqual(run_command.call_args_list[2][0][0], [
|
|
|
|
'/sbin/iptables',
|
|
|
|
'/sbin/iptables',
|
|
|
|
'-t',
|
|
|
|
'-t',
|
|
|
|
'nat',
|
|
|
|
'nat',
|
|
|
@ -1006,3 +1009,184 @@ class TestIptables(ModuleTestCase):
|
|
|
|
'-m', 'set',
|
|
|
|
'-m', 'set',
|
|
|
|
'--match-set', 'banned_hosts', 'src,dst'
|
|
|
|
'--match-set', 'banned_hosts', 'src,dst'
|
|
|
|
])
|
|
|
|
])
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def test_chain_creation(self):
|
|
|
|
|
|
|
|
"""Test chain creation when absent"""
|
|
|
|
|
|
|
|
set_module_args({
|
|
|
|
|
|
|
|
'chain': 'FOOBAR',
|
|
|
|
|
|
|
|
'state': 'present',
|
|
|
|
|
|
|
|
'chain_management': True,
|
|
|
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
commands_results = [
|
|
|
|
|
|
|
|
(1, '', ''), # check_rule_present
|
|
|
|
|
|
|
|
(1, '', ''), # check_chain_present
|
|
|
|
|
|
|
|
(0, '', ''), # create_chain
|
|
|
|
|
|
|
|
(0, '', ''), # append_rule
|
|
|
|
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
with patch.object(basic.AnsibleModule, 'run_command') as run_command:
|
|
|
|
|
|
|
|
run_command.side_effect = commands_results
|
|
|
|
|
|
|
|
with self.assertRaises(AnsibleExitJson) as result:
|
|
|
|
|
|
|
|
iptables.main()
|
|
|
|
|
|
|
|
self.assertTrue(result.exception.args[0]['changed'])
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
self.assertEqual(run_command.call_count, 4)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
self.assertEqual(run_command.call_args_list[0][0][0], [
|
|
|
|
|
|
|
|
'/sbin/iptables',
|
|
|
|
|
|
|
|
'-t', 'filter',
|
|
|
|
|
|
|
|
'-C', 'FOOBAR',
|
|
|
|
|
|
|
|
])
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
self.assertEqual(run_command.call_args_list[1][0][0], [
|
|
|
|
|
|
|
|
'/sbin/iptables',
|
|
|
|
|
|
|
|
'-t', 'filter',
|
|
|
|
|
|
|
|
'-L', 'FOOBAR',
|
|
|
|
|
|
|
|
])
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
self.assertEqual(run_command.call_args_list[2][0][0], [
|
|
|
|
|
|
|
|
'/sbin/iptables',
|
|
|
|
|
|
|
|
'-t', 'filter',
|
|
|
|
|
|
|
|
'-N', 'FOOBAR',
|
|
|
|
|
|
|
|
])
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
self.assertEqual(run_command.call_args_list[3][0][0], [
|
|
|
|
|
|
|
|
'/sbin/iptables',
|
|
|
|
|
|
|
|
'-t', 'filter',
|
|
|
|
|
|
|
|
'-A', 'FOOBAR',
|
|
|
|
|
|
|
|
])
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
commands_results = [
|
|
|
|
|
|
|
|
(0, '', ''), # check_rule_present
|
|
|
|
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
with patch.object(basic.AnsibleModule, 'run_command') as run_command:
|
|
|
|
|
|
|
|
run_command.side_effect = commands_results
|
|
|
|
|
|
|
|
with self.assertRaises(AnsibleExitJson) as result:
|
|
|
|
|
|
|
|
iptables.main()
|
|
|
|
|
|
|
|
self.assertFalse(result.exception.args[0]['changed'])
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def test_chain_creation_check_mode(self):
|
|
|
|
|
|
|
|
"""Test chain creation when absent"""
|
|
|
|
|
|
|
|
set_module_args({
|
|
|
|
|
|
|
|
'chain': 'FOOBAR',
|
|
|
|
|
|
|
|
'state': 'present',
|
|
|
|
|
|
|
|
'chain_management': True,
|
|
|
|
|
|
|
|
'_ansible_check_mode': True,
|
|
|
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
commands_results = [
|
|
|
|
|
|
|
|
(1, '', ''), # check_rule_present
|
|
|
|
|
|
|
|
(1, '', ''), # check_chain_present
|
|
|
|
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
with patch.object(basic.AnsibleModule, 'run_command') as run_command:
|
|
|
|
|
|
|
|
run_command.side_effect = commands_results
|
|
|
|
|
|
|
|
with self.assertRaises(AnsibleExitJson) as result:
|
|
|
|
|
|
|
|
iptables.main()
|
|
|
|
|
|
|
|
self.assertTrue(result.exception.args[0]['changed'])
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
self.assertEqual(run_command.call_count, 2)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
self.assertEqual(run_command.call_args_list[0][0][0], [
|
|
|
|
|
|
|
|
'/sbin/iptables',
|
|
|
|
|
|
|
|
'-t', 'filter',
|
|
|
|
|
|
|
|
'-C', 'FOOBAR',
|
|
|
|
|
|
|
|
])
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
self.assertEqual(run_command.call_args_list[1][0][0], [
|
|
|
|
|
|
|
|
'/sbin/iptables',
|
|
|
|
|
|
|
|
'-t', 'filter',
|
|
|
|
|
|
|
|
'-L', 'FOOBAR',
|
|
|
|
|
|
|
|
])
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
commands_results = [
|
|
|
|
|
|
|
|
(0, '', ''), # check_rule_present
|
|
|
|
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
with patch.object(basic.AnsibleModule, 'run_command') as run_command:
|
|
|
|
|
|
|
|
run_command.side_effect = commands_results
|
|
|
|
|
|
|
|
with self.assertRaises(AnsibleExitJson) as result:
|
|
|
|
|
|
|
|
iptables.main()
|
|
|
|
|
|
|
|
self.assertFalse(result.exception.args[0]['changed'])
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def test_chain_deletion(self):
|
|
|
|
|
|
|
|
"""Test chain deletion when present"""
|
|
|
|
|
|
|
|
set_module_args({
|
|
|
|
|
|
|
|
'chain': 'FOOBAR',
|
|
|
|
|
|
|
|
'state': 'absent',
|
|
|
|
|
|
|
|
'chain_management': True,
|
|
|
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
commands_results = [
|
|
|
|
|
|
|
|
(0, '', ''), # check_chain_present
|
|
|
|
|
|
|
|
(0, '', ''), # delete_chain
|
|
|
|
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
with patch.object(basic.AnsibleModule, 'run_command') as run_command:
|
|
|
|
|
|
|
|
run_command.side_effect = commands_results
|
|
|
|
|
|
|
|
with self.assertRaises(AnsibleExitJson) as result:
|
|
|
|
|
|
|
|
iptables.main()
|
|
|
|
|
|
|
|
self.assertTrue(result.exception.args[0]['changed'])
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
self.assertEqual(run_command.call_count, 2)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
self.assertEqual(run_command.call_args_list[0][0][0], [
|
|
|
|
|
|
|
|
'/sbin/iptables',
|
|
|
|
|
|
|
|
'-t', 'filter',
|
|
|
|
|
|
|
|
'-L', 'FOOBAR',
|
|
|
|
|
|
|
|
])
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
self.assertEqual(run_command.call_args_list[1][0][0], [
|
|
|
|
|
|
|
|
'/sbin/iptables',
|
|
|
|
|
|
|
|
'-t', 'filter',
|
|
|
|
|
|
|
|
'-X', 'FOOBAR',
|
|
|
|
|
|
|
|
])
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
commands_results = [
|
|
|
|
|
|
|
|
(1, '', ''), # check_rule_present
|
|
|
|
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
with patch.object(basic.AnsibleModule, 'run_command') as run_command:
|
|
|
|
|
|
|
|
run_command.side_effect = commands_results
|
|
|
|
|
|
|
|
with self.assertRaises(AnsibleExitJson) as result:
|
|
|
|
|
|
|
|
iptables.main()
|
|
|
|
|
|
|
|
self.assertFalse(result.exception.args[0]['changed'])
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def test_chain_deletion_check_mode(self):
|
|
|
|
|
|
|
|
"""Test chain deletion when present"""
|
|
|
|
|
|
|
|
set_module_args({
|
|
|
|
|
|
|
|
'chain': 'FOOBAR',
|
|
|
|
|
|
|
|
'state': 'absent',
|
|
|
|
|
|
|
|
'chain_management': True,
|
|
|
|
|
|
|
|
'_ansible_check_mode': True,
|
|
|
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
commands_results = [
|
|
|
|
|
|
|
|
(0, '', ''), # check_chain_present
|
|
|
|
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
with patch.object(basic.AnsibleModule, 'run_command') as run_command:
|
|
|
|
|
|
|
|
run_command.side_effect = commands_results
|
|
|
|
|
|
|
|
with self.assertRaises(AnsibleExitJson) as result:
|
|
|
|
|
|
|
|
iptables.main()
|
|
|
|
|
|
|
|
self.assertTrue(result.exception.args[0]['changed'])
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
self.assertEqual(run_command.call_count, 1)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
self.assertEqual(run_command.call_args_list[0][0][0], [
|
|
|
|
|
|
|
|
'/sbin/iptables',
|
|
|
|
|
|
|
|
'-t', 'filter',
|
|
|
|
|
|
|
|
'-L', 'FOOBAR',
|
|
|
|
|
|
|
|
])
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
commands_results = [
|
|
|
|
|
|
|
|
(1, '', ''), # check_rule_present
|
|
|
|
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
with patch.object(basic.AnsibleModule, 'run_command') as run_command:
|
|
|
|
|
|
|
|
run_command.side_effect = commands_results
|
|
|
|
|
|
|
|
with self.assertRaises(AnsibleExitJson) as result:
|
|
|
|
|
|
|
|
iptables.main()
|
|
|
|
|
|
|
|
self.assertFalse(result.exception.args[0]['changed'])
|
|
|
|
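Review bot: The idempotency half of each new test (the second `with patch.object(...)` block in `test_chain_creation`, `test_chain_creation_check_mode`, `test_chain_deletion` and `test_chain_deletion_check_mode`) asserts only that `changed` is false, so it never pins which iptables command ran. In the two deletion tests that block's single result is commented `# check_rule_present`, yet the first half of the same tests shows the first command for `state: absent` is `-L FOOBAR`, labelled `# check_chain_present`; the label looks wrong and should probably read `(1, '', ''),  # check_chain_present`. Adding `self.assertEqual(run_command.call_count, 1)` (one, going by the single mocked result) and an assertion on `run_command.call_args_list[0][0][0]` after each `assertFalse` would confirm that the no-op path, check mode included, issues only the read-only `-C`/`-L` query and never `-N`, `-X` or `-A`. The two check-mode tests also reuse their siblings' docstrings; `"""Test chain creation when absent (check mode)"""` and the deletion equivalent would tell them apart in test output.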