From: zhiyuan_cai Date: Mon, 29 Dec 2014 10:48:49 +0000 (+0800) Subject: Reduce duplicate code in test_iptables_manager X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=8af2cc5c21a17cb05d1733feae4e501e614d028c;p=openstack-build%2Fneutron-build.git Reduce duplicate code in test_iptables_manager test_iptables_manager contains many hard-code iptables dumps which share most of the contents, extract the common part to reduce duplication. Change-Id: I2e373f8fe26f77db832da00c56ada6cfa3c50746 --- diff --git a/neutron/tests/unit/test_iptables_manager.py b/neutron/tests/unit/test_iptables_manager.py index 2991fbf08..51c7c4cfa 100644 --- a/neutron/tests/unit/test_iptables_manager.py +++ b/neutron/tests/unit/test_iptables_manager.py @@ -27,41 +27,65 @@ from neutron.tests import tools IPTABLES_ARG = {'bn': iptables_manager.binary_name, - 'snat_out_comment': ic.SNAT_OUT} - -NAT_DUMP = ('# Generated by iptables_manager\n' - '*nat\n' - ':neutron-postrouting-bottom - [0:0]\n' - ':%(bn)s-OUTPUT - [0:0]\n' - ':%(bn)s-POSTROUTING - [0:0]\n' - ':%(bn)s-PREROUTING - [0:0]\n' - ':%(bn)s-float-snat - [0:0]\n' - ':%(bn)s-snat - [0:0]\n' - '[0:0] -A PREROUTING -j %(bn)s-PREROUTING\n' - '[0:0] -A OUTPUT -j %(bn)s-OUTPUT\n' - '[0:0] -A POSTROUTING -j %(bn)s-POSTROUTING\n' - '[0:0] -A POSTROUTING -j neutron-postrouting-bottom\n' - '[0:0] -A neutron-postrouting-bottom -j %(bn)s-snat\n' - '[0:0] -A %(bn)s-snat -j ' - '%(bn)s-float-snat\n' - 'COMMIT\n' - '# Completed by iptables_manager\n' % IPTABLES_ARG) - -FILTER_DUMP = ('# Generated by iptables_manager\n' - '*filter\n' - ':neutron-filter-top - [0:0]\n' - ':%(bn)s-FORWARD - [0:0]\n' - ':%(bn)s-INPUT - [0:0]\n' - ':%(bn)s-OUTPUT - [0:0]\n' - ':%(bn)s-local - [0:0]\n' - '[0:0] -A FORWARD -j neutron-filter-top\n' - '[0:0] -A OUTPUT -j neutron-filter-top\n' - '[0:0] -A neutron-filter-top -j %(bn)s-local\n' - '[0:0] -A INPUT -j %(bn)s-INPUT\n' - '[0:0] -A OUTPUT -j %(bn)s-OUTPUT\n' - '[0:0] -A FORWARD -j %(bn)s-FORWARD\n' - 'COMMIT\n' - '# Completed by iptables_manager\n' % IPTABLES_ARG) + 'snat_out_comment': ic.SNAT_OUT, + 'filter_rules': ''} + +NAT_TEMPLATE = ('# Generated by iptables_manager\n' + '*nat\n' + ':neutron-postrouting-bottom - [0:0]\n' + ':%(bn)s-OUTPUT - [0:0]\n' + ':%(bn)s-POSTROUTING - [0:0]\n' + ':%(bn)s-PREROUTING - [0:0]\n' + ':%(bn)s-float-snat - [0:0]\n' + ':%(bn)s-snat - [0:0]\n' + '[0:0] -A PREROUTING -j %(bn)s-PREROUTING\n' + '[0:0] -A OUTPUT -j %(bn)s-OUTPUT\n' + '[0:0] -A POSTROUTING -j %(bn)s-POSTROUTING\n' + '[0:0] -A POSTROUTING -j neutron-postrouting-bottom\n' + '[0:0] -A neutron-postrouting-bottom -j %(bn)s-snat\n' + '[0:0] -A %(bn)s-snat -j ' + '%(bn)s-float-snat\n' + 'COMMIT\n' + '# Completed by iptables_manager\n') + +NAT_DUMP = NAT_TEMPLATE % IPTABLES_ARG + +FILTER_TEMPLATE = ('# Generated by iptables_manager\n' + '*filter\n' + ':neutron-filter-top - [0:0]\n' + ':%(bn)s-FORWARD - [0:0]\n' + ':%(bn)s-INPUT - [0:0]\n' + ':%(bn)s-OUTPUT - [0:0]\n' + ':%(bn)s-local - [0:0]\n' + '[0:0] -A FORWARD -j neutron-filter-top\n' + '[0:0] -A OUTPUT -j neutron-filter-top\n' + '[0:0] -A neutron-filter-top -j %(bn)s-local\n' + '[0:0] -A INPUT -j %(bn)s-INPUT\n' + '[0:0] -A OUTPUT -j %(bn)s-OUTPUT\n' + '[0:0] -A FORWARD -j %(bn)s-FORWARD\n' + 'COMMIT\n' + '# Completed by iptables_manager\n') + +FILTER_DUMP = FILTER_TEMPLATE % IPTABLES_ARG + +FILTER_WITH_RULES_TEMPLATE = ( + '# Generated by iptables_manager\n' + '*filter\n' + ':neutron-filter-top - [0:0]\n' + ':%(bn)s-FORWARD - [0:0]\n' + ':%(bn)s-INPUT - [0:0]\n' + ':%(bn)s-OUTPUT - [0:0]\n' + ':%(bn)s-filter - [0:0]\n' + ':%(bn)s-local - [0:0]\n' + '[0:0] -A FORWARD -j neutron-filter-top\n' + '[0:0] -A OUTPUT -j neutron-filter-top\n' + '[0:0] -A neutron-filter-top -j %(bn)s-local\n' + '[0:0] -A INPUT -j %(bn)s-INPUT\n' + '[0:0] -A OUTPUT -j %(bn)s-OUTPUT\n' + '[0:0] -A FORWARD -j %(bn)s-FORWARD\n' + '%(filter_rules)s' + 'COMMIT\n' + '# Completed by iptables_manager\n') COMMENTED_NAT_DUMP = ( '# Generated by iptables_manager\n' @@ -83,6 +107,15 @@ COMMENTED_NAT_DUMP = ( 'COMMIT\n' '# Completed by iptables_manager\n' % IPTABLES_ARG) +TRAFFIC_COUNTERS_DUMP = ( + 'Chain OUTPUT (policy ACCEPT 400 packets, 65901 bytes)\n' + ' pkts bytes target prot opt in out source' + ' destination \n' + ' 400 65901 chain1 all -- * * 0.0.0.0/0' + ' 0.0.0.0/0 \n' + ' 400 65901 chain2 all -- * * 0.0.0.0/0' + ' 0.0.0.0/0 \n') + class IptablesTestCase(base.BaseTestCase): @@ -111,26 +144,13 @@ class IptablesCommentsTestCase(base.BaseTestCase): % attr) def test_add_filter_rule(self): - filter_dump_mod = ('# Generated by iptables_manager\n' - '*filter\n' - ':neutron-filter-top - [0:0]\n' - ':%(bn)s-FORWARD - [0:0]\n' - ':%(bn)s-INPUT - [0:0]\n' - ':%(bn)s-OUTPUT - [0:0]\n' - ':%(bn)s-filter - [0:0]\n' - ':%(bn)s-local - [0:0]\n' - '[0:0] -A FORWARD -j neutron-filter-top\n' - '[0:0] -A OUTPUT -j neutron-filter-top\n' - '[0:0] -A neutron-filter-top -j %(bn)s-local\n' - '[0:0] -A INPUT -j %(bn)s-INPUT\n' - '[0:0] -A OUTPUT -j %(bn)s-OUTPUT\n' - '[0:0] -A FORWARD -j %(bn)s-FORWARD\n' - '[0:0] -A %(bn)s-filter -j DROP\n' - '[0:0] -A %(bn)s-INPUT -s 0/0 -d 192.168.0.2 -j ' - '%(bn)s-filter\n' - 'COMMIT\n' - '# Completed by iptables_manager\n' - % IPTABLES_ARG) + iptables_args = {} + iptables_args.update(IPTABLES_ARG) + filter_rules = ('[0:0] -A %(bn)s-filter -j DROP\n' + '[0:0] -A %(bn)s-INPUT -s 0/0 -d 192.168.0.2 -j ' + '%(bn)s-filter\n' % iptables_args) + iptables_args['filter_rules'] = filter_rules + filter_dump_mod = FILTER_WITH_RULES_TEMPLATE % iptables_args raw_dump = _generate_raw_dump(IPTABLES_ARG) @@ -240,77 +260,15 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase): use_ipv6=use_ipv6) self.execute = mock.patch.object(self.iptables, "execute").start() - iptables_args = {'bn': bn[:16]} - - filter_dump = ('# Generated by iptables_manager\n' - '*filter\n' - ':neutron-filter-top - [0:0]\n' - ':%(bn)s-FORWARD - [0:0]\n' - ':%(bn)s-INPUT - [0:0]\n' - ':%(bn)s-OUTPUT - [0:0]\n' - ':%(bn)s-filter - [0:0]\n' - ':%(bn)s-local - [0:0]\n' - '[0:0] -A FORWARD -j neutron-filter-top\n' - '[0:0] -A OUTPUT -j neutron-filter-top\n' - '[0:0] -A neutron-filter-top -j %(bn)s-local\n' - '[0:0] -A INPUT -j %(bn)s-INPUT\n' - '[0:0] -A OUTPUT -j %(bn)s-OUTPUT\n' - '[0:0] -A FORWARD -j %(bn)s-FORWARD\n' - 'COMMIT\n' - '# Completed by iptables_manager\n' % iptables_args) - - filter_dump_ipv6 = ('# Generated by iptables_manager\n' - '*filter\n' - ':neutron-filter-top - [0:0]\n' - ':%(bn)s-FORWARD - [0:0]\n' - ':%(bn)s-INPUT - [0:0]\n' - ':%(bn)s-OUTPUT - [0:0]\n' - ':%(bn)s-local - [0:0]\n' - '[0:0] -A FORWARD -j neutron-filter-top\n' - '[0:0] -A OUTPUT -j neutron-filter-top\n' - '[0:0] -A neutron-filter-top -j %(bn)s-local\n' - '[0:0] -A INPUT -j %(bn)s-INPUT\n' - '[0:0] -A OUTPUT -j %(bn)s-OUTPUT\n' - '[0:0] -A FORWARD -j %(bn)s-FORWARD\n' - 'COMMIT\n' - '# Completed by iptables_manager\n' % - iptables_args) + iptables_args = {'bn': bn[:16], 'filter_rules': ''} - filter_dump_mod = ('# Generated by iptables_manager\n' - '*filter\n' - ':neutron-filter-top - [0:0]\n' - ':%(bn)s-FORWARD - [0:0]\n' - ':%(bn)s-INPUT - [0:0]\n' - ':%(bn)s-OUTPUT - [0:0]\n' - ':%(bn)s-filter - [0:0]\n' - ':%(bn)s-local - [0:0]\n' - '[0:0] -A FORWARD -j neutron-filter-top\n' - '[0:0] -A OUTPUT -j neutron-filter-top\n' - '[0:0] -A neutron-filter-top -j %(bn)s-local\n' - '[0:0] -A INPUT -j %(bn)s-INPUT\n' - '[0:0] -A OUTPUT -j %(bn)s-OUTPUT\n' - '[0:0] -A FORWARD -j %(bn)s-FORWARD\n' - 'COMMIT\n' - '# Completed by iptables_manager\n' - % iptables_args) + filter_dump = FILTER_WITH_RULES_TEMPLATE % iptables_args + + filter_dump_ipv6 = FILTER_TEMPLATE % iptables_args + + filter_dump_mod = filter_dump - nat_dump = ('# Generated by iptables_manager\n' - '*nat\n' - ':neutron-postrouting-bottom - [0:0]\n' - ':%(bn)s-OUTPUT - [0:0]\n' - ':%(bn)s-POSTROUTING - [0:0]\n' - ':%(bn)s-PREROUTING - [0:0]\n' - ':%(bn)s-float-snat - [0:0]\n' - ':%(bn)s-snat - [0:0]\n' - '[0:0] -A PREROUTING -j %(bn)s-PREROUTING\n' - '[0:0] -A OUTPUT -j %(bn)s-OUTPUT\n' - '[0:0] -A POSTROUTING -j %(bn)s-POSTROUTING\n' - '[0:0] -A POSTROUTING -j neutron-postrouting-bottom\n' - '[0:0] -A neutron-postrouting-bottom -j %(bn)s-snat\n' - '[0:0] -A %(bn)s-snat -j ' - '%(bn)s-float-snat\n' - 'COMMIT\n' - '# Completed by iptables_manager\n' % iptables_args) + nat_dump = NAT_TEMPLATE % iptables_args raw_dump = _generate_raw_dump(iptables_args) @@ -361,58 +319,14 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase): iptables_args = {'bn': bn} - filter_dump = ('# Generated by iptables_manager\n' - '*filter\n' - ':neutron-filter-top - [0:0]\n' - ':%(bn)s-FORWARD - [0:0]\n' - ':%(bn)s-INPUT - [0:0]\n' - ':%(bn)s-OUTPUT - [0:0]\n' - ':%(bn)s-local - [0:0]\n' - '[0:0] -A FORWARD -j neutron-filter-top\n' - '[0:0] -A OUTPUT -j neutron-filter-top\n' - '[0:0] -A neutron-filter-top -j %(bn)s-local\n' - '[0:0] -A INPUT -j %(bn)s-INPUT\n' - '[0:0] -A OUTPUT -j %(bn)s-OUTPUT\n' - '[0:0] -A FORWARD -j %(bn)s-FORWARD\n' - 'COMMIT\n' - '# Completed by iptables_manager\n' % iptables_args) + filter_dump = FILTER_TEMPLATE % iptables_args - filter_dump_mod = ('# Generated by iptables_manager\n' - '*filter\n' - ':neutron-filter-top - [0:0]\n' - ':%(bn)s-FORWARD - [0:0]\n' - ':%(bn)s-INPUT - [0:0]\n' - ':%(bn)s-OUTPUT - [0:0]\n' - ':%(bn)s-filter - [0:0]\n' - ':%(bn)s-local - [0:0]\n' - '[0:0] -A FORWARD -j neutron-filter-top\n' - '[0:0] -A OUTPUT -j neutron-filter-top\n' - '[0:0] -A neutron-filter-top -j %(bn)s-local\n' - '[0:0] -A INPUT -j %(bn)s-INPUT\n' - '[0:0] -A OUTPUT -j %(bn)s-OUTPUT\n' - '[0:0] -A FORWARD -j %(bn)s-FORWARD\n' - '[0:0] -A %(bn)s-filter -s 0/0 -d 192.168.0.2\n' - 'COMMIT\n' - '# Completed by iptables_manager\n' - % iptables_args) + filter_rules = ('[0:0] -A %(bn)s-filter -s 0/0 -d 192.168.0.2\n' + % iptables_args) + iptables_args['filter_rules'] = filter_rules + filter_dump_mod = FILTER_WITH_RULES_TEMPLATE % iptables_args - nat_dump = ('# Generated by iptables_manager\n' - '*nat\n' - ':neutron-postrouting-bottom - [0:0]\n' - ':%(bn)s-OUTPUT - [0:0]\n' - ':%(bn)s-POSTROUTING - [0:0]\n' - ':%(bn)s-PREROUTING - [0:0]\n' - ':%(bn)s-float-snat - [0:0]\n' - ':%(bn)s-snat - [0:0]\n' - '[0:0] -A PREROUTING -j %(bn)s-PREROUTING\n' - '[0:0] -A OUTPUT -j %(bn)s-OUTPUT\n' - '[0:0] -A POSTROUTING -j %(bn)s-POSTROUTING\n' - '[0:0] -A POSTROUTING -j neutron-postrouting-bottom\n' - '[0:0] -A neutron-postrouting-bottom -j %(bn)s-snat\n' - '[0:0] -A %(bn)s-snat -j ' - '%(bn)s-float-snat\n' - 'COMMIT\n' - '# Completed by iptables_manager\n' % iptables_args) + nat_dump = NAT_TEMPLATE % iptables_args raw_dump = _generate_raw_dump(iptables_args) @@ -460,23 +374,7 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase): use_ipv6=use_ipv6) self.execute = mock.patch.object(self.iptables, "execute").start() - filter_dump_mod = ('# Generated by iptables_manager\n' - '*filter\n' - ':neutron-filter-top - [0:0]\n' - ':%(bn)s-FORWARD - [0:0]\n' - ':%(bn)s-INPUT - [0:0]\n' - ':%(bn)s-OUTPUT - [0:0]\n' - ':%(bn)s-filter - [0:0]\n' - ':%(bn)s-local - [0:0]\n' - '[0:0] -A FORWARD -j neutron-filter-top\n' - '[0:0] -A OUTPUT -j neutron-filter-top\n' - '[0:0] -A neutron-filter-top -j %(bn)s-local\n' - '[0:0] -A INPUT -j %(bn)s-INPUT\n' - '[0:0] -A OUTPUT -j %(bn)s-OUTPUT\n' - '[0:0] -A FORWARD -j %(bn)s-FORWARD\n' - 'COMMIT\n' - '# Completed by iptables_manager\n' - % IPTABLES_ARG) + filter_dump_mod = FILTER_WITH_RULES_TEMPLATE % IPTABLES_ARG expected_calls_and_values = [ (mock.call(['iptables-save', '-c'], @@ -520,26 +418,13 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase): use_ipv6=use_ipv6) self.execute = mock.patch.object(self.iptables, "execute").start() - filter_dump_mod = ('# Generated by iptables_manager\n' - '*filter\n' - ':neutron-filter-top - [0:0]\n' - ':%(bn)s-FORWARD - [0:0]\n' - ':%(bn)s-INPUT - [0:0]\n' - ':%(bn)s-OUTPUT - [0:0]\n' - ':%(bn)s-filter - [0:0]\n' - ':%(bn)s-local - [0:0]\n' - '[0:0] -A FORWARD -j neutron-filter-top\n' - '[0:0] -A OUTPUT -j neutron-filter-top\n' - '[0:0] -A neutron-filter-top -j %(bn)s-local\n' - '[0:0] -A INPUT -j %(bn)s-INPUT\n' - '[0:0] -A OUTPUT -j %(bn)s-OUTPUT\n' - '[0:0] -A FORWARD -j %(bn)s-FORWARD\n' - '[0:0] -A %(bn)s-filter -j DROP\n' - '[0:0] -A %(bn)s-INPUT -s 0/0 -d 192.168.0.2 -j ' - '%(bn)s-filter\n' - 'COMMIT\n' - '# Completed by iptables_manager\n' - % IPTABLES_ARG) + iptables_args = {} + iptables_args.update(IPTABLES_ARG) + filter_rules = ('[0:0] -A %(bn)s-filter -j DROP\n' + '[0:0] -A %(bn)s-INPUT -s 0/0 -d 192.168.0.2 -j ' + '%(bn)s-filter\n' % iptables_args) + iptables_args['filter_rules'] = filter_rules + filter_dump_mod = FILTER_WITH_RULES_TEMPLATE % iptables_args expected_calls_and_values = [ (mock.call(['iptables-save', '-c'], @@ -670,23 +555,7 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase): use_ipv6=use_ipv6) self.execute = mock.patch.object(self.iptables, "execute").start() - nat_dump = ('# Generated by iptables_manager\n' - '*nat\n' - ':neutron-postrouting-bottom - [0:0]\n' - ':%(bn)s-OUTPUT - [0:0]\n' - ':%(bn)s-POSTROUTING - [0:0]\n' - ':%(bn)s-PREROUTING - [0:0]\n' - ':%(bn)s-float-snat - [0:0]\n' - ':%(bn)s-snat - [0:0]\n' - '[0:0] -A PREROUTING -j %(bn)s-PREROUTING\n' - '[0:0] -A OUTPUT -j %(bn)s-OUTPUT\n' - '[0:0] -A POSTROUTING -j %(bn)s-POSTROUTING\n' - '[0:0] -A POSTROUTING -j neutron-postrouting-bottom\n' - '[0:0] -A neutron-postrouting-bottom -j %(bn)s-snat\n' - '[0:0] -A %(bn)s-snat -j %(bn)s-float-snat\n' - 'COMMIT\n' - '# Completed by iptables_manager\n' - % IPTABLES_ARG) + nat_dump = NAT_TEMPLATE % IPTABLES_ARG nat_dump_mod = ('# Generated by iptables_manager\n' '*nat\n' @@ -921,20 +790,11 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase): exp_packets = 800 exp_bytes = 131802 - iptables_dump = ( - 'Chain OUTPUT (policy ACCEPT 400 packets, 65901 bytes)\n' - ' pkts bytes target prot opt in out source' - ' destination \n' - ' 400 65901 chain1 all -- * * 0.0.0.0/0' - ' 0.0.0.0/0 \n' - ' 400 65901 chain2 all -- * * 0.0.0.0/0' - ' 0.0.0.0/0 \n') - expected_calls_and_values = [ (mock.call(['iptables', '-t', 'filter', '-L', 'OUTPUT', '-n', '-v', '-x'], root_helper=self.root_helper), - iptables_dump), + TRAFFIC_COUNTERS_DUMP), (mock.call(['iptables', '-t', 'raw', '-L', 'OUTPUT', '-n', '-v', '-x'], root_helper=self.root_helper), @@ -949,7 +809,7 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase): (mock.call(['ip6tables', '-t', 'filter', '-L', 'OUTPUT', '-n', '-v', '-x'], root_helper=self.root_helper), - iptables_dump)) + TRAFFIC_COUNTERS_DUMP)) exp_packets *= 2 exp_bytes *= 2 @@ -976,20 +836,11 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase): exp_packets = 800 exp_bytes = 131802 - iptables_dump = ( - 'Chain OUTPUT (policy ACCEPT 400 packets, 65901 bytes)\n' - ' pkts bytes target prot opt in out source' - ' destination \n' - ' 400 65901 chain1 all -- * * 0.0.0.0/0' - ' 0.0.0.0/0 \n' - ' 400 65901 chain2 all -- * * 0.0.0.0/0' - ' 0.0.0.0/0 \n') - expected_calls_and_values = [ (mock.call(['iptables', '-t', 'filter', '-L', 'OUTPUT', '-n', '-v', '-x', '-Z'], root_helper=self.root_helper), - iptables_dump), + TRAFFIC_COUNTERS_DUMP), (mock.call(['iptables', '-t', 'raw', '-L', 'OUTPUT', '-n', '-v', '-x', '-Z'], root_helper=self.root_helper), @@ -1004,7 +855,7 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase): (mock.call(['ip6tables', '-t', 'filter', '-L', 'OUTPUT', '-n', '-v', '-x', '-Z'], root_helper=self.root_helper), - iptables_dump)) + TRAFFIC_COUNTERS_DUMP)) exp_packets *= 2 exp_bytes *= 2