self.iptables.ipv4['filter'].add_chain(chain_name)
def _remove_chain_by_name_v4v6(self, chain_name):
- self.iptables.ipv4['filter'].ensure_remove_chain(chain_name)
- self.iptables.ipv6['filter'].ensure_remove_chain(chain_name)
+ self.iptables.ipv4['filter'].remove_chain(chain_name)
+ self.iptables.ipv6['filter'].remove_chain(chain_name)
def _add_rule_to_chain_v4v6(self, chain_name, ipv4_rules, ipv6_rules,
comment=None):
else:
return self.unwrapped_chains
- def ensure_remove_chain(self, name, wrap=True):
- """Ensure the chain is removed.
-
- This removal "cascades". All rule in the chain are removed, as are
- all rules in other chains that jump to it.
- """
- name = get_chain_name(name, wrap)
- chain_set = self._select_chain_set(wrap)
- if name not in chain_set:
- return
-
- self.remove_chain(name, wrap)
-
def remove_chain(self, name, wrap=True):
"""Remove named chain.
def _remove_chain_by_name(self, ver, chain_name, ipt_mgr):
if ver == IPV4:
- ipt_mgr.ipv4['filter'].ensure_remove_chain(chain_name)
+ ipt_mgr.ipv4['filter'].remove_chain(chain_name)
else:
- ipt_mgr.ipv6['filter'].ensure_remove_chain(chain_name)
+ ipt_mgr.ipv6['filter'].remove_chain(chain_name)
def _add_rules_to_chain(self, ipt_mgr, ver, chain_name, rules):
if ver == IPV4:
ipt_mgr_echain = '%s-%s' % (bname, egress_chain[:11])
for router_info_inst in apply_list:
v4filter_inst = router_info_inst.iptables_manager.ipv4['filter']
- calls = [mock.call.ensure_remove_chain('iv4fake-fw-uuid'),
- mock.call.ensure_remove_chain('ov4fake-fw-uuid'),
- mock.call.ensure_remove_chain('fwaas-default-policy'),
+ calls = [mock.call.remove_chain('iv4fake-fw-uuid'),
+ mock.call.remove_chain('ov4fake-fw-uuid'),
+ mock.call.remove_chain('fwaas-default-policy'),
mock.call.add_chain('fwaas-default-policy'),
mock.call.add_rule('fwaas-default-policy', '-j DROP'),
mock.call.add_chain(ingress_chain),
for ip_version in (4, 6):
ingress_chain = ('iv%s%s' % (ip_version, firewall['id']))
egress_chain = ('ov%s%s' % (ip_version, firewall['id']))
- calls = [mock.call.ensure_remove_chain(
+ calls = [mock.call.remove_chain(
'iv%sfake-fw-uuid' % ip_version),
- mock.call.ensure_remove_chain(
+ mock.call.remove_chain(
'ov%sfake-fw-uuid' % ip_version),
- mock.call.ensure_remove_chain('fwaas-default-policy'),
+ mock.call.remove_chain('fwaas-default-policy'),
mock.call.add_chain('fwaas-default-policy'),
mock.call.add_rule('fwaas-default-policy', '-j DROP'),
mock.call.add_chain(ingress_chain),
self.firewall.delete_firewall('legacy', apply_list, firewall)
ingress_chain = 'iv4%s' % firewall['id']
egress_chain = 'ov4%s' % firewall['id']
- calls = [mock.call.ensure_remove_chain(ingress_chain),
- mock.call.ensure_remove_chain(egress_chain),
- mock.call.ensure_remove_chain('fwaas-default-policy')]
+ calls = [mock.call.remove_chain(ingress_chain),
+ mock.call.remove_chain(egress_chain),
+ mock.call.remove_chain('fwaas-default-policy')]
apply_list[0].iptables_manager.ipv4['filter'].assert_has_calls(calls)
def test_create_firewall_with_admin_down(self):
rule_list = self._fake_rules_v4(FAKE_FW_ID, apply_list)
firewall = self._fake_firewall_with_admin_down(rule_list)
self.firewall.create_firewall('legacy', apply_list, firewall)
- calls = [mock.call.ensure_remove_chain('iv4fake-fw-uuid'),
- mock.call.ensure_remove_chain('ov4fake-fw-uuid'),
- mock.call.ensure_remove_chain('fwaas-default-policy'),
+ calls = [mock.call.remove_chain('iv4fake-fw-uuid'),
+ mock.call.remove_chain('ov4fake-fw-uuid'),
+ mock.call.remove_chain('fwaas-default-policy'),
mock.call.add_chain('fwaas-default-policy'),
mock.call.add_rule('fwaas-default-policy', '-j DROP')]
apply_list[0].iptables_manager.ipv4['filter'].assert_has_calls(calls)
mock.call.add_rule(
'sg-fallback', '-j DROP',
comment=ic.UNMATCH_DROP),
- mock.call.ensure_remove_chain('sg-chain'),
+ mock.call.remove_chain('sg-chain'),
mock.call.add_chain('sg-chain'),
mock.call.add_chain('ifake_dev'),
mock.call.add_rule('FORWARD',
'sg-fallback',
'-j DROP',
comment=ic.UNMATCH_DROP),
- mock.call.ensure_remove_chain('sg-chain'),
+ mock.call.remove_chain('sg-chain'),
mock.call.add_chain('sg-chain'),
mock.call.add_chain('ifake_dev'),
mock.call.add_rule('FORWARD',
'sg-fallback',
'-j DROP',
comment=ic.UNMATCH_DROP),
- mock.call.ensure_remove_chain('sg-chain'),
+ mock.call.remove_chain('sg-chain'),
mock.call.add_chain('sg-chain'),
mock.call.add_chain('ifake_dev'),
mock.call.add_rule(
'ofake_dev',
'-j $sg-fallback', comment=None),
mock.call.add_rule('sg-chain', '-j ACCEPT'),
- mock.call.ensure_remove_chain('ifake_dev'),
- mock.call.ensure_remove_chain('ofake_dev'),
- mock.call.ensure_remove_chain('sfake_dev'),
- mock.call.ensure_remove_chain('sg-chain'),
+ mock.call.remove_chain('ifake_dev'),
+ mock.call.remove_chain('ofake_dev'),
+ mock.call.remove_chain('sfake_dev'),
+ mock.call.remove_chain('sg-chain'),
mock.call.add_chain('sg-chain'),
mock.call.add_chain('ifake_dev'),
mock.call.add_rule(
'-j $sg-fallback',
comment=None),
mock.call.add_rule('sg-chain', '-j ACCEPT'),
- mock.call.ensure_remove_chain('ifake_dev'),
- mock.call.ensure_remove_chain('ofake_dev'),
- mock.call.ensure_remove_chain('sfake_dev'),
- mock.call.ensure_remove_chain('sg-chain'),
+ mock.call.remove_chain('ifake_dev'),
+ mock.call.remove_chain('ofake_dev'),
+ mock.call.remove_chain('sfake_dev'),
+ mock.call.remove_chain('sg-chain'),
mock.call.add_chain('sg-chain')]
self.v4filter_inst.assert_has_calls(calls)
mock.call.add_rule(
'sg-fallback', '-j DROP',
comment=ic.UNMATCH_DROP),
- mock.call.ensure_remove_chain('sg-chain'),
+ mock.call.remove_chain('sg-chain'),
mock.call.add_chain('sg-chain'),
mock.call.add_chain('ifake_dev'),
mock.call.add_rule('FORWARD',
mock.call.add_rule(
'sg-fallback', '-j DROP',
comment=ic.UNMATCH_DROP),
- mock.call.ensure_remove_chain('sg-chain'),
+ mock.call.remove_chain('sg-chain'),
mock.call.add_chain('sg-chain'),
mock.call.add_chain('ifake_dev'),
mock.call.add_rule('FORWARD',
Code Review / openstack-build / neutron-build.git / commitdiff