Commit Graph

3 Commits

Author SHA1 Message Date
Stanislav Levin
4352bd5a50 pylint: Fix cyclic-import
Most of `cyclic-import` issues reported by Pylint are false-positive
and they are already handled in the code, but several ones are the
actual errors.

Fixes: https://pagure.io/freeipa/issue/9232
Fixes: https://pagure.io/freeipa/issue/9278
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Stanislav Levin <slev@altlinux.org>
2023-01-10 08:30:58 +01:00
Stanislav Levin
ba162b9b47 ipatests: Mark firewalld commands as no-op on non-firewalld distros
The FreeIPA integration tests strictly require Firewalld.
But not all the distros have such or any other high-level tool
for managing a firewall. Thus, to run integration tests on such systems
NoOpFirewall class has been added, which provides no-op firewalld
commands.

Fixes: https://pagure.io/freeipa/issue/8261
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: François Cami <fcami@redhat.com>
2020-04-08 16:33:35 +02:00
Thomas Woerner
fc70c78e45 New firewall support class in ipatests/pytest_ipa/integration/firewall
The new Firewall class provides methods to enable and disable a service,
service lists and also methods to apply a passthrough rule, also to add,
prepend and also remove a list of passthrough rules:

class Firewall
    __init__(host)
        Initialize with host where firewall changes should be applied
        Unmasks, enables and starts firewalld

    enable_service(service)
        Enable firewall service in firewalld runtime and permanent
        environment

    disable_service(service)
        Disable firewall service in firewalld runtime and permanent
        environment

    enable_services(services)
        Enable list of firewall services in firewalld runtime and
        permanent environment

    disable_services(services)
        Disable list of firewall services in firewalld runtime and
        permanent environment

    passthrough_rule(rule, ipv=None)
        Generic method to get direct passthrough rules to firewalld
        rule is an ip[6]tables rule without using the ip[6]tables command.
        The rule will per default be added to the IPv4 and IPv6 firewall.
        If there are IP version specific parts in the rule, please make
        sure that ipv is set properly.
        The rule is added to the direct sub chain of the chain that is
        used in the rule

    add_passthrough_rules(rules, ipv=None)
        Add passthough rules to the end of the chain
        rules is a list of ip[6]tables rules, where the first entry of each
        rule is the chain. No --append/-A, --delete/-D should be added
        before the chain name, beacuse these are added by the method.
        If there are IP version specific parts in the rule, please make
        sure that ipv is set to either ipv4 or ipv6.

    prepend_passthrough_rules(rules, ipv=None)
        Insert passthough rules starting at position 1 as a block
        rules is a list of ip[6]tables rules, where the first entry of each
        rule is the chain. No --append/-A, --delete/-D should be added
        before the chain name, beacuse these are added by the method.
        If there are IP version specific parts in the rule, please make
        sure that ipv is set to either ipv4 or ipv6.

    remove_passthrough_rules(rules, ipv=None)
        Remove passthrough rules
        rules is a list of ip[6]tables rules, where the first entry of each
        rule is the chain. No --append/-A, --delete/-D should be added
        before the chain name, beacuse these are added by the method.
        If there are IP version specific parts in the rule, please make
        sure that ipv is set to either ipv4 or ipv6.

See: https://pagure.io/freeipa/issue/7755
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Armando Neto <abiagion@redhat.com>
2018-12-03 11:26:08 +01:00