Most of the `cyclic-import` issues reported by Pylint are false positives
and they are already handled in the code, but several are
actual errors.
Fixes: https://pagure.io/freeipa/issue/9232
Fixes: https://pagure.io/freeipa/issue/9278
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Stanislav Levin <slev@altlinux.org>
The FreeIPA integration tests strictly require Firewalld.
But not all distros have such or any other high-level tool
for managing a firewall. Thus, to run integration tests on such systems,
the NoOpFirewall class has been added, which provides no-op firewalld
commands.
Fixes: https://pagure.io/freeipa/issue/8261
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: François Cami <fcami@redhat.com>
The new Firewall class provides methods to enable and disable a service,
service lists and also methods to apply a passthrough rule, also to add,
prepend and also remove a list of passthrough rules:
class Firewall

    __init__(host)
        Initialize with host where firewall changes should be applied
        Unmasks, enables and starts firewalld

    enable_service(service)
        Enable firewall service in firewalld runtime and permanent
        environment

    disable_service(service)
        Disable firewall service in firewalld runtime and permanent
        environment

    enable_services(services)
        Enable list of firewall services in firewalld runtime and
        permanent environment

    disable_services(services)
        Disable list of firewall services in firewalld runtime and
        permanent environment

    passthrough_rule(rule, ipv=None)
        Generic method to get direct passthrough rules to firewalld
        rule is an ip[6]tables rule without using the ip[6]tables command.
        The rule will by default be added to the IPv4 and IPv6 firewall.
        If there are IP version specific parts in the rule, please make
        sure that ipv is set properly.
        The rule is added to the direct sub chain of the chain that is
        used in the rule

    add_passthrough_rules(rules, ipv=None)
        Add passthrough rules to the end of the chain
        rules is a list of ip[6]tables rules, where the first entry of each
        rule is the chain. No --append/-A, --delete/-D should be added
        before the chain name, because these are added by the method.
        If there are IP version specific parts in the rule, please make
        sure that ipv is set to either ipv4 or ipv6.

    prepend_passthrough_rules(rules, ipv=None)
        Insert passthrough rules starting at position 1 as a block
        rules is a list of ip[6]tables rules, where the first entry of each
        rule is the chain. No --append/-A, --delete/-D should be added
        before the chain name, because these are added by the method.
        If there are IP version specific parts in the rule, please make
        sure that ipv is set to either ipv4 or ipv6.

    remove_passthrough_rules(rules, ipv=None)
        Remove passthrough rules
        rules is a list of ip[6]tables rules, where the first entry of each
        rule is the chain. No --append/-A, --delete/-D should be added
        before the chain name, because these are added by the method.
        If there are IP version specific parts in the rule, please make
        sure that ipv is set to either ipv4 or ipv6.

See: https://pagure.io/freeipa/issue/7755
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Armando Neto <abiagion@redhat.com>
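
How the rule lists described in the last commit message could map onto firewalld direct passthrough invocations, as an added example that is not FreeIPA's code. The function names, the rejection of a leading option flag and the `-I` position numbering are assumptions; `firewall-cmd --direct --passthrough` is firewalld's own CLI.

```python
# Added illustration; not FreeIPA's Firewall class. All names are hypothetical.
IP_VERSIONS = ("ipv4", "ipv6")


def _families(ipv):
    """Return the address families a rule applies to (both when ipv is None)."""
    if ipv is None:
        return list(IP_VERSIONS)
    if ipv not in IP_VERSIONS:
        raise ValueError(f"ipv must be 'ipv4', 'ipv6' or None, got {ipv!r}")
    return [ipv]


def _check(rule):
    """A rule is a list whose first entry is the chain, never an action flag."""
    if not rule or rule[0].startswith("-"):
        raise ValueError(f"rule must start with a chain name: {rule!r}")


def passthrough_cmds(action, rules, ipv=None):
    """Build firewall-cmd argv lists for 'add', 'prepend' or 'remove'."""
    cmds = []
    for family in _families(ipv):
        for pos, rule in enumerate(rules, start=1):
            _check(rule)
            chain, spec = rule[0], list(rule[1:])
            if action == "add":
                args = ["-A", chain] + spec
            elif action == "prepend":
                # Rule n is inserted at position n so the block keeps its order.
                args = ["-I", chain, str(pos)] + spec
            elif action == "remove":
                args = ["-D", chain] + spec
            else:
                raise ValueError(f"unknown action {action!r}")
            cmds.append(
                ["firewall-cmd", "--direct", "--passthrough", family] + args)
    return cmds


# Constructed sample rules: drop outgoing DNS on a test host.
SAMPLE = [["OUTPUT", "-p", "udp", "--dport", "53", "-j", "DROP"],
          ["OUTPUT", "-p", "tcp", "--dport", "53", "-j", "DROP"]]

if __name__ == "__main__":
    for cmd in passthrough_cmds("prepend", SAMPLE):
        print(" ".join(cmd))
```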