Added methods for improving the interface to zone assignment

yast · Feb 7, 2019 · 20bd7fd · 20bd7fd
1 parent 423ba57
commit 20bd7fd
Show file tree

Hide file tree

Showing 4 changed files with 63 additions and 0 deletions.
diff --git a/library/network/src/lib/y2firewall/firewalld/interface.rb b/library/network/src/lib/y2firewall/firewalld/interface.rb
@@ -96,6 +96,15 @@ def zone
         fw.zones.find { |z| z.interfaces.include?(name) }
       end
 
+      # Assign the interface to the given zone
+      #
+      # @param zone_name [String] the name of the zone to be assigned to
+      def zone=(zone_name)
+        fw.zones.map { |z| z.remove_interface(name) if z.interfaces.include?(name) }
+        z = fw.find_zone(zone_name)
+        z && z.add_interface(name)
+      end
+
     private
 
       # Return an instance of Y2Firewall::Firewalld

diff --git a/library/network/src/lib/y2firewall/firewalld/zone.rb b/library/network/src/lib/y2firewall/firewalld/zone.rb
@@ -136,6 +136,15 @@ def add_interface!(interface)
         api.change_interface(name, interface)
       end
 
+      # Assign the interface to the zone removing it previously from any other
+      # zone that was including it.
+      #
+      # @param interface [String] interface name
+      def change_interface(interface)
+        firewalld.zones.each { |z| z.remove_interface(interface) }
+        add_interface(interface)
+      end
+
     private
 
       # Convenience method which return an instance of Y2Firewall::Firewalld

diff --git a/library/network/test/y2firewall/firewalld/interface_test.rb b/library/network/test/y2firewall/firewalld/interface_test.rb
@@ -123,4 +123,27 @@
       end
     end
   end
+
+  describe "#zone=" do
+    let(:public_zone) { Y2Firewall::Firewalld::Zone.new(name: "public") }
+    let(:dmz_zone) { Y2Firewall::Firewalld::Zone.new(name: "dmz") }
+
+    before do
+      allow(Y2Firewall::Firewalld.instance).to receive(:zones)
+        .and_return([public_zone, dmz_zone])
+      public_zone.interfaces = ["eth1"]
+      dmz_zone.interfaces = ["eth0"]
+    end
+
+    it "removes the interface from the zones that include the interface" do
+      iface.zone = "public"
+      expect(dmz_zone.interfaces).to be_empty
+    end
+
+    it "adds the interface to the given zone" do
+      expect(public_zone.interfaces).to_not include("eth0")
+      iface.zone = "public"
+      expect(public_zone.interfaces).to include("eth0")
+    end
+  end
 end
diff --git a/library/network/test/y2firewall/firewalld/zone_test.rb b/library/network/test/y2firewall/firewalld/zone_test.rb
@@ -178,4 +178,26 @@
       end
     end
   end
+
+  describe "#change_interface" do
+    subject { described_class.new(name: "test") }
+    let(:public_zone) { Y2Firewall::Firewalld::Zone.new(name: "public") }
+    let(:dmz_zone) { Y2Firewall::Firewalld::Zone.new(name: "dmz") }
+
+    before do
+      allow(firewalld).to receive(:zones).and_return([public_zone, dmz_zone, subject])
+      public_zone.interfaces = ["eth1 bond0"]
+      dmz_zone.interfaces = ["eth0"]
+    end
+
+    it "removes the given interface from other zones" do
+      subject.change_interface("eth0")
+      expect(dmz_zone.interfaces).to be_empty
+    end
+
+    it "adds the given interface to this zone" do
+      subject.change_interface("eth0")
+      expect(subject.interfaces).to include("eth0")
+    end
+  end
 end