valitydev/salt
14
0
Fork 0
mirror of https://github.com/valitydev/salt.git synced 2024-11-07 17:09:03 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

New features and updated unittests for new features

Browse Source
This commit is contained in:
Damian Myerscough 2015-04-04 16:01:03 -07:00
parent aefa84ae8e
commit 38ce75300c
2 changed files with 120 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
salt/modules/firewalld.py
View File

@ -525,6 +525,8 @@ def list_port_fwd(zone):
'''
List port forwarding
.. versionadded:: Beryllium
CLI Example:
.. code-block::
@ -544,3 +546,79 @@ def list_port_fwd(zone):
)
return ret
def get_icmp_types():
'''
List all the available ICMP types
.. versionadded:: Beryllium
CLI Example:
.. code-block::
salt '*' firewalld.get_icmp_types
'''
return __firewall_cmd('--get-icmptypes').split()
def block_icmp(zone, icmp):
'''
Block a specific ICMP type on a zone
.. versionadded:: Beryllium
CLI Example:
.. code-block::
salt '*' firewalld.block_icmp zone echo-reply
'''
if icmp not in get_icmp_types():
log.error('Invalid ICMP type')
return False
if icmp in list_icmp_block(zone):
log.info('ICMP block already exists')
return 'success'
return __firewall_cmd('--zone={0} --add-icmp-block={1}'.format(zone, icmp))
def allow_icmp(zone, icmp):
'''
Allow a specific ICMP type on a zone
.. versionadded:: Beryllium
CLI Example:
.. code-block::
salt '*' firewalld.allow_icmp zone echo-reply
'''
if icmp not in get_icmp_types():
log.error('Invalid ICMP type')
return False
if icmp not in list_icmp_block(zone):
log.info('ICMP Type is already permitted')
return 'success'
return __firewall_cmd('--zone={0} --remove-icmp-block={1}'.format(zone, icmp))
def list_icmp_block(zone):
'''
List ICMP blocks on a zone
.. versionadded:: Beryllium
CLI Example:
.. code-block::
salt '*' firewlld.list_icmp_block zone
'''
return __firewall_cmd('--zone={0} --list-icmp-blocks'.format(zone)).split()

42
tests/unit/modules/firewalld_test.py
View File

@ -236,6 +236,48 @@ class FirewalldTestCase(TestCase):
with patch.object(firewalld, '__firewall_cmd', return_value=ret):
self.assertEqual(firewalld.list_port_fwd('zone'), exp)
def test_get_icmp_types(self):
'''
List all available ICMP types
'''
ret = 'echo-reply echo-request parameter-problem redirect'
exp = ['echo-reply', 'echo-request', 'parameter-problem', 'redirect']
with patch.object(firewalld, '__firewall_cmd', return_value=ret):
self.assertEqual(firewalld.get_icmp_types(), exp)
def test_block_icmp(self):
'''
Test ICMP block
'''
with patch.object(firewalld, '__firewall_cmd', return_value='success'):
with patch.object(firewalld, 'get_icmp_types', return_value='echo-reply'):
self.assertEqual(firewalld.block_icmp('zone', 'echo-reply'), 'success')
with patch.object(firewalld, '__firewall_cmd'):
self.assertFalse(firewalld.block_icmp('zone', 'echo-reply'))
def test_allow_icmp(self):
'''
Test ICMP allow
'''
with patch.object(firewalld, '__firewall_cmd', return_value='success'):
with patch.object(firewalld, 'get_icmp_types', return_value='echo-reply'):
self.assertEqual(firewalld.allow_icmp('zone', 'echo-reply'), 'success')
with patch.object(firewalld, '__firewall_cmd', return_value='success'):
self.assertFalse(firewalld.allow_icmp('zone', 'echo-reply'))
def test_list_icmp_block(self):
'''
Test ICMP block list
'''
ret = 'echo-reply echo-request'
exp = ['echo-reply', 'echo-request']
with patch.object(firewalld, '__firewall_cmd', return_value=ret):
self.assertEqual(firewalld.list_icmp_block('zone'), exp)
if __name__ == '__main__':
from integration import run_tests
run_tests(FirewalldTestCase, needs_daemon=False)