merged with master
schubi2 committed Jan 16, 2019
2 parents e4f3eb5 + 6bd8862 commit c24c6b7
Showing 10 changed files with 15 additions and 300 deletions.
14 changes: 0 additions & 14 deletions library/network/src/lib/y2firewall/firewalld.rb
Expand Up @@ -192,20 +192,6 @@ def apply_zones_changes!
end
end

# Return a map with current firewalld settings.
#
# @return [Hash] dump firewalld settings
def export
return {} unless installed?
{
"enable_firewall" => enabled?,
"start_firewall" => running?,
"default_zone" => default_zone,
"log_denied_packets" => log_denied_packets,
"zones" => zones.map(&:export)
}
end

# Return whether the firewalld package is installed or not
#
# @return [Boolean] true if it is installed; false otherwise
125 changes: 0 additions & 125 deletions library/network/src/lib/y2firewall/firewalld/api/zones.rb
Expand Up @@ -81,38 +81,6 @@ def list_protocols(zone, permanent: permanent?)
string_command("--zone=#{zone}", "--list-protocols", permanent: permanent).split(" ")
end

# @param zone [String] The firewall zone
# @param permanent [Boolean] if true and firewalld is running it
# reads the permanent configuration
# @return [Array<String>] list of zone's sources
def list_sources(zone, permanent: permanent?)
string_command("--zone=#{zone}", "--list-sources", permanent: permanent).split(" ")
end

# @param zone [String] The firewall zone
# @param permanent [Boolean] if true and firewalld is running it
# reads the permanent configuration
# @return [Array<String>] list of zone's source ports
def list_source_ports(zone, permanent: permanent?)
string_command("--zone=#{zone}", "--list-source-ports", permanent: permanent).split(" ")
end

# @param zone [String] The firewall zone
# @param permanent [Boolean] if true and firewalld is running it
# reads the permanent configuration
# @return [Array<String>] list of zone's forward ports
def list_forward_ports(zone, permanent: permanent?)
string_command("--zone=#{zone}", "--list-forward-ports", permanent: permanent).split("\n")
end

# @param zone [String] The firewall zone
# @param permanent [Boolean] if true and firewalld is running it
# reads the permanent configuration
# @return [Array<String>] list of zone's rich rules
def list_rich_rules(zone, permanent: permanent?)
string_command("--zone=#{zone}", "--list-rich-rules", permanent: permanent).split("\n")
end

# @param zone [String] The firewall zone
# @param permanent [Boolean] if true and firewalld is running it
# reads the permanent configuration
Expand Down Expand Up @@ -184,92 +152,6 @@ def change_interface(zone, interface, permanent: permanent?)
permanent: permanent)
end

# @param zone [String] The firewall zone
# @param source [String] The network source
# @param permanent [Boolean] if true and firewalld is running it
# modifies the permanent configuration
# @return [Boolean] True if source was added
def add_source(zone, source, permanent: permanent?)
modify_command("--zone=#{zone}", "--add-source=#{source}", permanent: permanent)
end

# @param zone [String] The firewall zone
# @param source [String] The network source
# @param permanent [Boolean] if true and firewalld is running it
# modifies the permanent configuration
# @return [Boolean] True if source was removed
def remove_source(zone, source, permanent: permanent?)
modify_command("--zone=#{zone}", "--remove-source=#{source}",
permanent: permanent)
end

# @param zone [String] The firewall zone
# @param source [String] The network source
# @param permanent [Boolean] if true and firewalld is running it
# modifies the permanent configuration
# @return [Boolean] True if source was changed
def change_source(zone, source, permanent: permanent?)
modify_command("--zone=#{zone}", "--change-source=#{source}", permanent: permanent)
end

# @param zone [String] The firewall zone
# @param port [String] The network source port
# @param permanent [Boolean] if true and firewalld is running it
# modifies the permanent configuration
# @return [Boolean] True if the port was added
def add_source_port(zone, port, permanent: permanent?)
modify_command("--zone=#{zone}", "--add-source-port=#{port}", permanent: permanent)
end

# @param zone [String] The firewall zone
# @param port [String] The network source port
# @param permanent [Boolean] if true and firewalld is running it
# modifies the permanent configuration
# @return [Boolean] True if the port was removed
def remove_source_port(zone, port, permanent: permanent?)
modify_command("--zone=#{zone}", "--remove-source-port=#{port}", permanent: permanent)
end

# @param zone [String] The firewall zone
# @param port [String] The network forward port
# @param permanent [Boolean] if true and firewalld is running it
# modifies the permanent configuration
# @return [Boolean] True if the port was added
def add_forward_port(zone, port, permanent: permanent?)
modify_command("--zone=#{zone}", "--add-forward-port=#{port}",
permanent: permanent)
end

# @param zone [String] The firewall zone
# @param port [String] The network source port
# @param permanent [Boolean] if true and firewalld is running it
# modifies the permanent configuration
# @return [Boolean] True if the port was removed
def remove_forward_port(zone, port, permanent: permanent?)
modify_command("--zone=#{zone}", "--remove-forward-port=#{port}",
permanent: permanent)
end

# @param zone [String] The firewall zone
# @param rule [String] The firewalld rule to be added
# @param permanent [Boolean] if true and firewalld is running it
# modifies the permanent configuration
# @return [Boolean] True if the rich rule was added
def add_rich_rule(zone, rule, permanent: permanent?)
modify_command("--zone=#{zone}", "--add-rich-rule=#{rule}",
permanent: permanent)
end

# @param zone [String] The firewall zone
# @param rule [String] The firewalld rich rule to be removed
# @param permanent [Boolean] if true and firewalld is running it
# modifies the permanent configuration
# @return [Boolean] True if the rich rule was removed
def remove_rich_rule(zone, rule, permanent: permanent?)
modify_command("--zone=#{zone}", "--remove-rich-rule=#{rule}",
permanent: permanent)
end

# @param zone [String] The firewall zone
# @param service [String] The firewall service
# @return [Boolean] True if service is enabled in zone
Expand All @@ -291,13 +173,6 @@ def protocol_enabled?(zone, protocol, permanent: permanent?)
query_command("--zone=#{zone}", "--query-protocol=#{protocol}", permanent: permanent)
end

# @param zone [String] The firewall zone
# @param source [String] The network source
# @return [Boolean] True if the source is binded to the zone
def source_enabled?(zone, source, permanent: permanent?)
query_command("--zone=#{zone}", "--query-source=#{source}", permanent: permanent)
end

# @param zone [String] The firewall zone
# @param service [String] The firewall service
# @param permanent [Boolean] if true and firewalld is running it
23 changes: 3 additions & 20 deletions library/network/src/lib/y2firewall/firewalld/zone.rb
Expand Up @@ -48,8 +48,9 @@ class Zone
}.freeze

# @see Y2Firewall::Firewalld::Relations
has_many :services, :interfaces, :protocols, :rich_rules, :sources,
:ports, :source_ports, :forward_ports, cache: true
# @note relations are experted to autoyast, so do not forget when modify to adapt
# schema and also autoyast importer
has_many :services, :interfaces, :protocols, :ports, cache: true

# @see Y2Firewall::Firewalld::Relations
has_attributes :name, :masquerade, :short, :description, :target, cache: true
Expand Down Expand Up @@ -127,16 +128,6 @@ def service_open?(service)
services.include?(service)
end

# Dump a hash with the zone configuration
#
# @return [Hash] zone configuration
def export
(attributes + relations)
.each_with_object({}) do |field, profile|
profile[field.to_s] = public_send(field) unless public_send(field).nil?
end
end

# Override relation method to be more defensive. An interface can only
# belong to one zone and the change method remove it before add.
#
Expand All @@ -145,14 +136,6 @@ def add_interface!(interface)
api.change_interface(name, interface)
end

# Override relation method to be more defensive. A source can only belong
# to one zone and the change method remove it before add.
#
# @param source [String] source address
def add_source!(source)
api.change_source(name, source)
end

private

# Convenience method which return an instance of Y2Firewall::Firewalld
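Review bot: The new `@note` above the `has_many` line has a typo and reads awkwardly: "experted" should be "exported", and the sentence would be clearer as `# @note relations are exported to AutoYaST; when you modify them, also adapt the AutoYaST schema and the AutoYaST importer`. Since `:sources`, `:rich_rules`, `:source_ports` and `:forward_ports` are dropped from the relation list (and `add_source!` with them), a `Zone` read from the system no longer carries those parts of the configuration, so a short class-level remark that they are intentionally unmodelled would stop a later reader from mistaking the omission for a parsing bug. The `Zone` class starts before the first hunk and its body continues past the last one.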
7 changes: 2 additions & 5 deletions library/network/src/lib/y2firewall/firewalld/zone_reader.rb
Expand Up @@ -39,7 +39,6 @@ class ZoneReader
attr_accessor :zones_definition

BOOLEAN_ATTRIBUTES = ["icmp-block-inversion", "masquerade"].freeze
MULTIPLE_ENTRIES = ["rich_rules", "forward_ports"].freeze

# Constructor
#
Expand Down Expand Up @@ -96,7 +95,7 @@ def current_zone_from(line)
zone_names.include?(attribute) ? attribute : nil
end

ATTRIBUTE_MAPPING = { "summary" => "short", "rich rules" => "rich_rules" }.freeze
ATTRIBUTE_MAPPING = { "summary" => "short" }.freeze
# Iterates over the zone entries instantiating a zone object per each of
# the entries and returning an array with all of them.
#
Expand All @@ -111,12 +110,10 @@ def initialize_zones
attribute = ATTRIBUTE_MAPPING[attribute] if ATTRIBUTE_MAPPING[attribute]
next unless zone.respond_to?("#{attribute}=")

value = MULTIPLE_ENTRIES.include?(attribute) ? entries.reject(&:empty?) : entries.first.to_s
value = entries.first.to_s

if BOOLEAN_ATTRIBUTES.include?(attribute)
zone.public_send("#{attribute}=", value == "yes" ? true : false)
elsif MULTIPLE_ENTRIES.include?(attribute)
zone.public_send("#{attribute}=", value)
elsif zone.attributes.include?(attribute.to_sym)
zone.public_send("#{attribute}=", value)
else
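Review bot: With `MULTIPLE_ENTRIES` gone, `value = entries.first.to_s` now applies to every attribute, and attributes the `Zone` class no longer exposes a setter for (sources, rich rules, forward ports, source ports) are discarded by the `next unless zone.respond_to?("#{attribute}=")` guard without any log line; that is presumably intended by this merge, but the silent drop should be stated where it happens, e.g. `# Attributes without a Zone setter (sources, rich rules, forward/source ports) are intentionally ignored`. If any remaining attribute can still span several output lines, only its first entry survives here, which is worth confirming against the parsed firewalld output. `initialize_zones` begins before this hunk and continues after it.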
44 changes: 0 additions & 44 deletions library/network/test/y2firewall/firewalld/api/zones_test.rb
Expand Up @@ -156,34 +156,6 @@
end
end

describe "#list_sources" do
it "returns the list of sources binded to the zone" do
allow(api).to receive(:string_command)
.with("--zone=test", "--list-sources", permanent: api.permanent?)
.and_return("192.168.5.0/24")

expect(api.list_sources("test")).to eql(["192.168.5.0/24"])
end
end

describe "#add_source" do
it "binds the given source with the zone" do
expect(api).to receive(:modify_command)
.with("--zone=test", "--add-source=192.168.4.0/24", permanent: api.permanent?)

api.add_source("test", "192.168.4.0/24")
end
end

describe "#remove_source" do
it "unbinds the given source from the zone" do
expect(api).to receive(:modify_command)
.with("--zone=test", "--remove-source=192.168.4.0/24", permanent: api.permanent?)

api.remove_source("test", "192.168.4.0/24")
end
end

describe "#add_service" do
it "adds the given service to the specified zone" do
expect(api).to receive(:modify_command)
Expand All @@ -207,22 +179,6 @@
end
end

describe "#source_enabled?" do
it "returns false if the source is not binded to the zone" do
allow(api).to receive(:query_command)
.with("--zone=public", "--query-source=192.168.4.0/24", permanent: api.permanent?)
.and_return(false)
expect(subject.source_enabled?("public", "192.168.4.0/24")).to eql(false)
end

it "returns true if the souce is binded by the zone" do
allow(api).to receive(:query_command)
.with("--zone=public", "--query-source=192.168.4.0/24", permanent: api.permanent?)
.and_return(true)
expect(subject.source_enabled?("public", "192.168.4.0/24")).to eql(true)
end
end

describe "#interface_zone" do
it "returns the name of the zone the interface belongs to" do
allow(api).to receive(:string_command)
7 changes: 0 additions & 7 deletions library/network/test/y2firewall/firewalld/zone_reader_test.rb
Expand Up @@ -95,13 +95,6 @@
expect(public_zone.interfaces).to eq(["eth0", "ens3"])
expect(public_zone.ports).to include("123/udp", "530/udp")
expect(public_zone.masquerade).to eq(true)
expect(public_zone.sources).to eq(["192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24"])
expect(public_zone.rich_rules)
.to eq([
"rule service name=\"http\" accept",
"rule service name=\"https\" accept",
"rule service name=\"ssh\" accept"
])

dmz_zone = zones.find { |z| z.name == "dmz" }
expect(dmz_zone.masquerade).to eq(false)
35 changes: 0 additions & 35 deletions library/network/test/y2firewall/firewalld/zone_test.rb
Expand Up @@ -93,31 +93,6 @@
end
end

describe "#export" do
subject { described_class.new(name: "test") }

before do
allow(subject).to receive(:interfaces).and_return(["eth0", "eth1"])
allow(subject).to receive(:services).and_return(["ssh", "samba"])
allow(subject).to receive(:ports).and_return(["80/tcp", "443/tcp"])
allow(subject).to receive(:protocols).and_return(["esp"])
allow(subject).to receive(:sources).and_return([])
allow(subject).to receive(:masquerade).and_return(true)
end

it "dumps a hash with the zone configuration" do
config = subject.export

expect(config).to be_a(Hash)
expect(config["interfaces"]).to eql(["eth0", "eth1"])
expect(config["services"]).to eql(["ssh", "samba"])
expect(config["ports"]).to eql(["80/tcp", "443/tcp"])
expect(config["protocols"]).to eql(["esp"])
expect(config["sources"]).to eql([])
expect(config["masquerade"]).to eql(true)
end
end

describe "#untouched!" do
subject { described_class.new(name: "test") }

Expand All @@ -140,16 +115,6 @@
end
end

describe "#add_source!" do
subject { described_class.new(name: "test") }

it "calls the API changing the specified source to this zone" do
expect(api).to receive(:change_source).with("test", "192.168.1.0/24")

subject.add_source!("192.168.1.0/24")
end
end

describe "#service_open?" do
it "returns whether the service is allowed or not in the zone" do
allow(subject).to receive(:services).and_return(["ssh", "vnc"])
