Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
salt.21867
fix-save-for-iptables-state-module-bsc-1185131-...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File fix-save-for-iptables-state-module-bsc-1185131-370.patch of Package salt.21867
From 746e50f05a813edf63127fa6b7ed9f602d99c503 Mon Sep 17 00:00:00 2001 From: Victor Zhestkov <35733135+vzhestkov@users.noreply.github.com> Date: Thu, 24 Jun 2021 13:19:31 +0300 Subject: [PATCH] Fix save for iptables state module (bsc#1185131) (#370) --- salt/states/iptables.py | 82 +++++++++++++++----------- tests/unit/states/test_iptables.py | 92 ++++++++++++++++++++++++++++-- 2 files changed, 134 insertions(+), 40 deletions(-) diff --git a/salt/states/iptables.py b/salt/states/iptables.py index 872862ece2..6c4f4c2389 100644 --- a/salt/states/iptables.py +++ b/salt/states/iptables.py @@ -411,7 +411,7 @@ def append(name, table='filter', family='ipv4', **kwargs): if save: if save_file is True: save_file = None - __salt__['iptables.save'](save_file, family=family) + __salt__['iptables.save'](filename=save_file, family=family) if not ret['changes']['locale']: del ret['changes']['locale'] ret['comment'] = '\n'.join(comments) @@ -438,7 +438,10 @@ def append(name, table='filter', family='ipv4', **kwargs): filename = kwargs['save'] else: filename = None - saved_rules = __salt__['iptables.get_saved_rules'](family=family) + saved_rules = __salt__['iptables.get_saved_rules']( + conf_file=filename, + family=family + ) _rules = __salt__['iptables.get_rules'](family=family) __rules = [] for table in _rules: @@ -450,7 +453,7 @@ def append(name, table='filter', family='ipv4', **kwargs): __saved_rules.append(saved_rules[table][chain].get('rules')) # Only save if rules in memory are different than saved rules if __rules != __saved_rules: - out = __salt__['iptables.save'](filename, family=family) + out = __salt__['iptables.save'](filename=filename, family=family) ret['comment'] += ('\nSaved iptables rule {0} for {1}\n' '{2}\n{3}').format(name, family, command.strip(), out) return ret @@ -467,15 +470,14 @@ def append(name, table='filter', family='ipv4', **kwargs): name, command.strip(), family) - if 'save' in kwargs: - if kwargs['save']: - if kwargs['save'] is not True: - filename = kwargs['save'] - else: - filename = None - out = __salt__['iptables.save'](filename, family=family) - ret['comment'] = ('Set and saved iptables rule {0} for {1}\n' - '{2}\n{3}').format(name, family, command.strip(), out) + if 'save' in kwargs and kwargs['save']: + if kwargs['save'] is not True: + filename = kwargs['save'] + else: + filename = None + out = __salt__['iptables.save'](filename=filename, family=family) + ret['comment'] = ('Set and saved iptables rule {0} for {1}\n' + '{2}\n{3}').format(name, family, command.strip(), out) return ret else: ret['result'] = False @@ -543,7 +545,7 @@ def insert(name, table='filter', family='ipv4', **kwargs): if save: if save_file is True: save_file = None - __salt__['iptables.save'](save_file, family=family) + __salt__['iptables.save'](filename=save_file, family=family) if not ret['changes']['locale']: del ret['changes']['locale'] ret['comment'] = '\n'.join(comments) @@ -570,7 +572,10 @@ def insert(name, table='filter', family='ipv4', **kwargs): filename = kwargs['save'] else: filename = None - saved_rules = __salt__['iptables.get_saved_rules'](family=family) + saved_rules = __salt__['iptables.get_saved_rules']( + conf_file=filename, + family=family + ) _rules = __salt__['iptables.get_rules'](family=family) __rules = [] for table in _rules: @@ -582,7 +587,7 @@ def insert(name, table='filter', family='ipv4', **kwargs): __saved_rules.append(saved_rules[table][chain].get('rules')) # Only save if rules in memory are different than saved rules if __rules != __saved_rules: - out = __salt__['iptables.save'](filename, family=family) + out = __salt__['iptables.save'](filename=filename, family=family) ret['comment'] += ('\nSaved iptables rule {0} for {1}\n' '{2}\n{3}').format(name, family, command.strip(), out) return ret @@ -599,11 +604,14 @@ def insert(name, table='filter', family='ipv4', **kwargs): name, command.strip(), family) - if 'save' in kwargs: - if kwargs['save']: - out = __salt__['iptables.save'](filename=None, family=family) - ret['comment'] = ('Set and saved iptables rule {0} for {1}\n' - '{2}\n{3}').format(name, family, command.strip(), out) + if 'save' in kwargs and kwargs['save']: + if kwargs['save'] is not True: + filename = kwargs['save'] + else: + filename = None + out = __salt__['iptables.save'](filename=filename, family=family) + ret['comment'] = ('Set and saved iptables rule {0} for {1}\n' + '{2}\n{3}').format(name, family, command.strip(), out) return ret else: ret['result'] = False @@ -666,7 +674,7 @@ def delete(name, table='filter', family='ipv4', **kwargs): if save: if save_file is True: save_file = None - __salt__['iptables.save'](save_file, family=family) + __salt__['iptables.save'](filename=save_file, family=family) if not ret['changes']['locale']: del ret['changes']['locale'] ret['comment'] = '\n'.join(comments) @@ -717,11 +725,14 @@ def delete(name, table='filter', family='ipv4', **kwargs): ret['comment'] = 'Delete iptables rule for {0} {1}'.format( name, command.strip()) - if 'save' in kwargs: - if kwargs['save']: - out = __salt__['iptables.save'](filename=None, family=family) - ret['comment'] = ('Deleted and saved iptables rule {0} for {1}\n' - '{2}\n{3}').format(name, family, command.strip(), out) + if 'save' in kwargs and kwargs['save']: + if kwargs['save'] is not True: + filename = kwargs['save'] + else: + filename = None + out = __salt__['iptables.save'](filename=filename, family=family) + ret['comment'] = ('Deleted and saved iptables rule {0} for {1}\n' + '{2}\n{3}').format(name, family, command.strip(), out) return ret else: ret['result'] = False @@ -785,14 +796,17 @@ def set_policy(name, table='filter', family='ipv4', **kwargs): kwargs['policy'], family ) - if 'save' in kwargs: - if kwargs['save']: - __salt__['iptables.save'](filename=None, family=family) - ret['comment'] = 'Set and saved default policy for {0} to {1} family {2}'.format( - kwargs['chain'], - kwargs['policy'], - family - ) + if 'save' in kwargs and kwargs['save']: + if kwargs['save'] is not True: + filename = kwargs['save'] + else: + filename = None + __salt__['iptables.save'](filename=filename, family=family) + ret['comment'] = 'Set and saved default policy for {0} to {1} family {2}'.format( + kwargs['chain'], + kwargs['policy'], + family + ) return ret else: ret['result'] = False diff --git a/tests/unit/states/test_iptables.py b/tests/unit/states/test_iptables.py index 90afa1ea3e..7168f33161 100644 --- a/tests/unit/states/test_iptables.py +++ b/tests/unit/states/test_iptables.py @@ -118,7 +118,7 @@ class IptablesTestCase(TestCase, LoaderModuleMockMixin): with patch.object(iptables, '_STATE_INTERNAL_KEYWORDS', mock): mock = MagicMock(return_value='a') with patch.dict(iptables.__salt__, {'iptables.build_rule': mock}): - mock = MagicMock(side_effect=[True, False, False, False]) + mock = MagicMock(side_effect=[True, False, False, False, False, True]) with patch.dict(iptables.__salt__, {'iptables.check': mock}): ret.update({'comment': 'iptables rule for salt' ' already set (a) for ipv4', @@ -136,7 +136,7 @@ class IptablesTestCase(TestCase, LoaderModuleMockMixin): chain=''), ret) with patch.dict(iptables.__opts__, {'test': False}): - mock = MagicMock(side_effect=[True, False]) + mock = MagicMock(side_effect=[True, False, True, True]) with patch.dict(iptables.__salt__, {'iptables.append': mock}): ret.update({'changes': {'locale': 'salt'}, @@ -158,6 +158,33 @@ class IptablesTestCase(TestCase, LoaderModuleMockMixin): chain=''), ret) + mock_save = MagicMock(side_effect=['Wrote 1 lines to "/tmp/iptables"', '']) + with patch.dict(iptables.__salt__, + {'iptables.save': mock_save}): + mock_get_saved_rules = MagicMock(side_effect=['']) + with patch.dict(iptables.__salt__, + {'iptables.get_saved_rules': mock_get_saved_rules}): + mock = MagicMock(side_effect=['']) + with patch.dict(iptables.__salt__, + {'iptables.get_rules': mock}): + ret.update({'changes': {'locale': 'salt'}, + 'result': True, + 'comment': 'Set and saved iptables rule' + ' salt for ipv4\na\nWrote 1 lines to "/tmp/iptables"'}) + self.assertDictEqual(iptables.append('salt', + table='', chain='', + save='/tmp/iptables'), + ret) + ret.update({'changes': {}, + 'result': True, + 'comment': 'iptables rule for salt already set (a) for ipv4'}) + self.assertDictEqual(iptables.append('salt', + table='', chain='', + save='/tmp/iptables'), + ret) + self.assertEqual(mock_get_saved_rules.mock_calls[0][2]['conf_file'], '/tmp/iptables') + self.assertEqual(mock_save.mock_calls[0][2]['filename'], '/tmp/iptables') + def test_insert(self): ''' Test to insert a rule into a chain @@ -173,7 +200,7 @@ class IptablesTestCase(TestCase, LoaderModuleMockMixin): with patch.object(iptables, '_STATE_INTERNAL_KEYWORDS', mock): mock = MagicMock(return_value='a') with patch.dict(iptables.__salt__, {'iptables.build_rule': mock}): - mock = MagicMock(side_effect=[True, False, False, False]) + mock = MagicMock(side_effect=[True, False, False, False, False, True]) with patch.dict(iptables.__salt__, {'iptables.check': mock}): ret.update({'comment': 'iptables rule for salt' ' already set for ipv4 (a)', @@ -191,7 +218,7 @@ class IptablesTestCase(TestCase, LoaderModuleMockMixin): chain=''), ret) with patch.dict(iptables.__opts__, {'test': False}): - mock = MagicMock(side_effect=[False, True]) + mock = MagicMock(side_effect=[False, True, False, True]) with patch.dict(iptables.__salt__, {'iptables.insert': mock}): ret.update({'changes': {'locale': 'salt'}, @@ -215,6 +242,33 @@ class IptablesTestCase(TestCase, LoaderModuleMockMixin): position=''), ret) + mock_save = MagicMock(side_effect=['Wrote 1 lines to "/tmp/iptables"', '']) + with patch.dict(iptables.__salt__, + {'iptables.save': mock_save}): + mock_get_saved_rules = MagicMock(side_effect=['']) + with patch.dict(iptables.__salt__, + {'iptables.get_saved_rules': mock_get_saved_rules}): + mock = MagicMock(side_effect=['']) + with patch.dict(iptables.__salt__, + {'iptables.get_rules': mock}): + ret.update({'changes': {'locale': 'salt'}, + 'result': True, + 'comment': 'Set and saved iptables rule' + ' salt for ipv4\na\nWrote 1 lines to "/tmp/iptables"'}) + self.assertDictEqual(iptables.insert('salt', + table='', chain='', position='', + save='/tmp/iptables'), + ret) + ret.update({'changes': {}, + 'result': True, + 'comment': 'iptables rule for salt already set for ipv4 (a)'}) + self.assertDictEqual(iptables.insert('salt', + table='', chain='', position='', + save='/tmp/iptables'), + ret) + self.assertEqual(mock_get_saved_rules.mock_calls[0][2]['conf_file'], '/tmp/iptables') + self.assertEqual(mock_save.mock_calls[0][2]['filename'], '/tmp/iptables') + def test_delete(self): ''' Test to delete a rule to a chain @@ -230,7 +284,7 @@ class IptablesTestCase(TestCase, LoaderModuleMockMixin): with patch.object(iptables, '_STATE_INTERNAL_KEYWORDS', mock): mock = MagicMock(return_value='a') with patch.dict(iptables.__salt__, {'iptables.build_rule': mock}): - mock = MagicMock(side_effect=[False, True, True, True]) + mock = MagicMock(side_effect=[False, True, True, True, True, False]) with patch.dict(iptables.__salt__, {'iptables.check': mock}): ret.update({'comment': 'iptables rule for salt' ' already absent for ipv4 (a)', @@ -248,7 +302,7 @@ class IptablesTestCase(TestCase, LoaderModuleMockMixin): chain=''), ret) with patch.dict(iptables.__opts__, {'test': False}): - mock = MagicMock(side_effect=[False, True]) + mock = MagicMock(side_effect=[False, True, False, True, False]) with patch.dict(iptables.__salt__, {'iptables.delete': mock}): ret.update({'result': True, @@ -272,6 +326,32 @@ class IptablesTestCase(TestCase, LoaderModuleMockMixin): position=''), ret) + mock_save = MagicMock(side_effect=['Wrote 1 lines to "/tmp/iptables"', '']) + with patch.dict(iptables.__salt__, + {'iptables.save': mock_save}): + mock = MagicMock(side_effect=[True, False]) + with patch.dict(iptables.__salt__, + {'iptables.check': mock}): + mock = MagicMock(side_effect=['']) + with patch.dict(iptables.__salt__, + {'iptables.get_rules': mock}): + ret.update({'changes': {'locale': 'salt'}, + 'result': True, + 'comment': 'Deleted and saved iptables rule' + ' salt for ipv4\na\nWrote 1 lines to "/tmp/iptables"'}) + self.assertDictEqual(iptables.delete('salt', + table='', chain='', + save='/tmp/iptables'), + ret) + ret.update({'changes': {}, + 'result': True, + 'comment': 'iptables rule for salt already absent for ipv4 (a)'}) + self.assertDictEqual(iptables.delete('salt', + table='', chain='', + save='/tmp/iptables'), + ret) + self.assertEqual(mock_save.mock_calls[0][2]['filename'], '/tmp/iptables') + def test_set_policy(self): ''' Test to sets the default policy for iptables firewall tables -- 2.32.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor