Merge 4bf1085 into 7f4762c

package/yast2-dhcp-server.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Oct  9 14:53:26 CEST 2018 - schubi@suse.de
+
+- Adapting to new firewall API (bsc#1108942)
+- 4.0.4
+
 -------------------------------------------------------------------
 Mon Aug 13 10:32:56 UTC 2018 - igonzalezsosa@suse.com
 

package/yast2-dhcp-server.spec

@@ -17,7 +17,7 @@
 
 
 Name:           yast2-dhcp-server
-Version:        4.0.3
+Version:        4.0.4
 Release:        0
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
@@ -29,10 +29,12 @@ BuildRequires:	perl-Digest-SHA1 perl-X500-DN perl-XML-Writer docbook-xsl-stylesh
 BuildRequires:  yast2-devtools >= 3.1.10
 # UI::ServiceStatus
 BuildRequires:  yast2 >= 3.1.161
+BuildRequires:  rubygem(%rb_default_ruby_abi:rspec)
+BuildRequires:  rubygem(%rb_default_ruby_abi:yast-rake)
 
 Requires:       perl-gettext yast2-perl-bindings bind-utils perl-X500-DN yast2-ldap perl-Digest-SHA1 perl-Parse-RecDescent
-# UI::ServiceStatus
-Requires:       yast2 >= 3.1.161
+# firewalld_wrapper.rb
+Requires:       yast2 >= 4.0.100
 # DnsServerAPI::IsServiceConfigurableExternally
 Requires:       yast2-dns-server >= 2.13.16
 
@@ -49,6 +51,9 @@ configuration.
 %prep
 %setup -n %{name}-%{version}
 
+%check
+rake test:unit
+
 %build
 %yast_build
 

src/include/dhcp-server/widgets.rb

@@ -8,6 +8,8 @@
 
 require "yast"
 require "ui/service_status"
+require "y2firewall/firewalld"
+require "y2firewall/helpers/interfaces"
 
 # Representation of the configuration of dhcp-server.
 # Input and output routines.
@@ -25,7 +27,6 @@ def initialize_dhcp_server_widgets(include_target)
       Yast.import "LogView"
       Yast.import "Popup"
       Yast.import "TablePopup"
-      Yast.import "SuSEFirewall"
       Yast.import "Mode"
       Yast.import "DhcpServerUI"
     end
@@ -280,7 +281,7 @@ def ldapHandle(id, event)
     # Initialize the widget
     # @param [String] id any widget id
     def OpenFirewallInit(id)
-      enabled = SuSEFirewall.GetEnableService
+      enabled = firewalld.enabled?
       open = DhcpServer.GetOpenFirewall
       UI.ChangeWidget(Id(id), :Enabled, enabled)
       UI.ChangeWidget(Id(id), :Value, open)
@@ -303,7 +304,7 @@ def OpenFirewallStore(id, event)
     def OpenFirewallValidate(id, event)
       event = deep_copy(event)
       open = Convert.to_boolean(UI.QueryWidget(Id(id), :Value))
-      enabled = SuSEFirewall.GetEnableService
+      enabled = firewalld.enabled?
 
       if enabled && !open
         # yes-no popup
@@ -325,7 +326,7 @@ def OpenFirewallValidate(id, event)
         Builtins.foreach(@ifaces) do |ifcfg, interface|
           # interface is active
           if Ops.get_boolean(interface, "active", false) == true
-            if SuSEFirewall.GetZoneOfInterface(ifcfg) == nil
+            unless firewalld.zones.find { |z| z.interfaces.include?(ifcfg) }
               ifaces_not_in_fw = Builtins.add(ifaces_not_in_fw, ifcfg)
             end
           end
@@ -1337,5 +1338,11 @@ def InitServiceWidget
         "store"  => fun_ref(method(:store_service_status), "void (string, map)")
       }
     end
+
+  private
+
+    def firewalld
+      Y2Firewall::Firewalld.instance
+    end
   end
 end

src/modules/DhcpServer.pm

@@ -114,7 +114,7 @@ YaST::YCP::Import ("Service");
 YaST::YCP::Import ("Popup");
 YaST::YCP::Import ("Progress");
 YaST::YCP::Import ("Report");
-YaST::YCP::Import ("SuSEFirewall");
+YaST::YCP::Import ("FirewalldWrapper");
 YaST::YCP::Import ("DnsServerAPI");
 
 ##-------------------------------------------------------------------------
@@ -1496,7 +1496,7 @@ DHCP server will not be available."));
 
     if (! Mode->test ()) {
 	my $progress_orig = Progress->set (0);
-	SuSEFirewall->Read ();
+	FirewalldWrapper->read();
 	Progress->set ($progress_orig);
     }
 
@@ -1514,11 +1514,11 @@ DHCP server will not be available."));
     @allowed_interfaces = split (/ /, $ifaces_list);
 
     # if firewall is enabled
-    if (SuSEFirewall->GetEnableService()) {
+    if (FirewalldWrapper->is_enabled()) {
 	foreach my $iface (@allowed_interfaces) {
-	    my $iface_zone = SuSEFirewall->GetZoneOfInterface($iface);
+	    my $iface_zone = FirewalldWrapper->zone_name_of_interface($iface);
 	    if (defined $iface_zone) {
-		$open_firewall = SuSEFirewall->IsServiceSupportedInZone("service:dhcp-server", $iface_zone);
+		$open_firewall = FirewalldWrapper->is_service_in_zone("dhcp", $iface_zone);
 	    } else {
 		$open_firewall = 0;
 	    }
@@ -1656,7 +1656,7 @@ sub Write {
 
     my $ok = 1;
 
-    $modified = $modified || SuSEFirewall->GetModified ();
+    $modified = $modified || FirewalldWrapper->is_modified ();
 
     if (! $modified)
     {
@@ -1713,20 +1713,20 @@ sub Write {
     if (\@original_allowed_interfaces != \@allowed_interfaces) {
 	# disabling on all interfaces
 	my @all_ifaces;
-	foreach my $iface (@{SuSEFirewall->GetAllKnownInterfaces()}) {
+	foreach my $iface (@{FirewalldWrapper->all_known_interfaces() // []}) {
 	    push @all_ifaces, $iface->{'id'};
 	}
-	SuSEFirewall->SetServices (["service:dhcp-server"], \@all_ifaces, 0);
+	FirewalldWrapper->set_services (["dhcp"], \@all_ifaces, 0);
 	if ($open_firewall) {
 	    # allowing on selected interfaces
-	    SuSEFirewall->SetServices (["service:dhcp-server"], \@allowed_interfaces, 1);
+	    FirewalldWrapper->set_services (["dhcp"], \@allowed_interfaces, 1);
 	}
     }
 
     if (! Mode->test ())
     {
 	my $progress_orig = Progress->set (0);
-	SuSEFirewall->Write ();
+	FirewalldWrapper->write ();
 	Progress->set ($progress_orig);
     }
 

src/modules/DhcpServerUI.rb

@@ -23,7 +23,6 @@ def main
       Yast.import "Popup"
       Yast.import "Report"
       Yast.import "Service"
-      Yast.import "SuSEFirewall"
       Yast.import "SystemdService"
 
       @current_entry_type = ""

test/widgets_test.rb

@@ -6,12 +6,11 @@ module Yast
   class Test < Yast::Client
     def initialize
       Yast.include self, "dhcp-server/widgets.rb"
+      @ifaces = {"eth0" => {"active" => true}}
     end
   end
 end
 
-
-
 describe "Yast::DhcpServerWidgetsInclude" do
   subject { Yast::Test.new }
 
@@ -70,4 +69,46 @@ def initialize
       expect(subject.DNSZonesValidate("ddns_enable", {})).to eq true
     end
   end
+
+  describe "#OpenFirewallValidate" do
+    context "firewall not enabled" do
+      it "returns true" do
+        expect(Y2Firewall::Firewalld.instance).to receive(:enabled?).and_return(false)
+        expect(Yast::Popup).not_to receive(:YesNo)
+        expect(Yast::Report).not_to receive(:Error)
+        expect(subject.OpenFirewallValidate("widget_id",0)).to eq true
+      end
+    end
+
+    context "firewall enabled" do
+      before do
+        allow(Y2Firewall::Firewalld.instance).to receive(:enabled?).and_return(true)
+      end
+
+      context "port is not opened" do
+        before do
+          allow(Yast::UI).to receive(:QueryWidget).with(Id("open_port"), :Value)
+            .and_return(false)
+        end
+
+        it "asks for continuing" do
+          expect(Yast::Popup).to receive(:YesNo).and_return(true)
+          expect(subject.OpenFirewallValidate("open_port",0)).to eq true
+        end
+      end
+
+      context "port is opened" do
+        before do
+          allow(Yast::UI).to receive(:QueryWidget).with(Id("open_port"), :Value)
+                               .and_return(true)
+        end
+
+        it "reports interfaces which are not mentioned in any firewall zone" do
+          expect(Y2Firewall::Firewalld.instance).to receive(:zones).and_return([])
+          expect(Yast::Report).to receive(:Error)
+          expect(subject.OpenFirewallValidate("open_port",0)).to eq true
+        end
+      end
+    end
+  end
 end