Master bnc 1089855 (#62)

* checking semantic while importing AY settings

package/yast2-firewall.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Apr 27 16:35:19 CEST 2018 - schubi@suse.de
+
+- AutoYaST: Report whether an interface has been defined
+  in more than one zone (bnc#1099855).
+- 4.0.25
+
 -------------------------------------------------------------------
 Sat Apr 21 07:35:42 UTC 2018 - knut.anderssen@suse.com
 

package/yast2-firewall.spec

@@ -17,7 +17,7 @@
 
 
 Name:           yast2-firewall
-Version:        4.0.24
+Version:        4.0.25
 Release:        0
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

src/lib/y2firewall/clients/auto.rb

@@ -34,6 +34,7 @@ class Auto < ::Installation::AutoClient
       include Yast::Logger
 
       Yast.import "HTML"
+      Yast.import "AutoInstall"
 
       class << self
         # @return [Boolean] whether the AutoYaST configuration has been
@@ -88,6 +89,7 @@ def import(profile)
         enable if profile.fetch("enable_firewall", settings.enable_firewall)
         start if profile.fetch("start_firewall", false)
         importer.import(profile)
+        check_profile_for_errors
         imported
       end
 
@@ -150,6 +152,21 @@ def modified?
 
     private
 
+      # Semantic AutoYaST profile check
+      #
+      # Problems will be stored in AutoInstall.issues_list.
+      def check_profile_for_errors
+        # Checking if an interface has been defined for different zones
+        zones = firewalld.export["zones"] || []
+        all_interfaces = zones.flat_map { |zone| zone["interfaces"] || [] }
+        double_entries = all_interfaces.select { |i| all_interfaces.count(i) > 1 }.uniq
+        unless double_entries.empty?
+          AutoInstall.issues_list.add(:invalid_value, "firewall", "interfaces",
+            double_entries.join(","),
+            _("This interface has been defined for more than one zone."))
+        end
+      end
+
       # Depending on the profile it activates or deactivates the firewalld
       # service
       def activate_service

test/lib/y2firewall/clients/auto_test.rb

@@ -105,8 +105,12 @@
   end
 
   describe "#import" do
+    let(:i_list) { double("IssuesList", add: nil) }
+
     let(:arguments) do
-      { "FW_MASQUERADE" => "yes", "enable_firewall" => false, "start_firewall" => false }
+      { "FW_MASQUERADE"   => "yes",
+        "enable_firewall" => false,
+        "start_firewall"  => false }
     end
 
     it "reads the current firewalld configuration" do
@@ -118,6 +122,7 @@
     context "when the current configuration was read correctly" do
       before do
         allow(firewalld).to receive(:read).and_return(true)
+        allow(Yast::AutoInstall).to receive(:issues_list).and_return(i_list)
       end
 
       it "pass its arguments to the firewalld importer" do
@@ -134,6 +139,17 @@
         subject.import(arguments)
         expect(subject.class.imported).to eq(true)
       end
+
+      it "reports that an interface has been defined twice in zones" do
+        expect(firewalld).to receive(:export)
+          .and_return("zones" => [{ "interfaces" => ["eth0"], "name" => "public" },
+                                  { "interfaces" => ["eth0", "eth0"], "name" => "trusted" }])
+        expect(i_list).to receive(:add)
+          .with(:invalid_value, "firewall", "interfaces",
+            "eth0",
+            "This interface has been defined for more than one zone.")
+        subject.import(arguments)
+      end
     end
 
     context "when the current configuration was not read" do