`firewall-cmd --state` returns 0 on 'running' and non-zero on 'not running',

so check retval and not text returned.

FirewallD conversion to multicall

IPTables test
Dan Schaper 2017-01-24 15:44:48 -08:00
parent 4bb71ae046
commit b16f797317
No known key found for this signature in database
GPG Key ID: 572E999E385B7BFC
2 changed files with 28 additions and 22 deletions


@ -879,7 +879,7 @@ create_pihole_user() {
configureFirewall() { configureFirewall() {
# Allow HTTP and DNS traffic # Allow HTTP and DNS traffic
if [[ $(firewall-cmd --state) == "running" ]]; then if firewall-cmd --state &> /dev/null; then
whiptail --title "Firewall in use" --yesno "We have detected a running firewall\n\nPi-hole currently requires HTTP and DNS port access.\n\n\n\nInstall Pi-hole default firewall rules?" ${r} ${c} || \ whiptail --title "Firewall in use" --yesno "We have detected a running firewall\n\nPi-hole currently requires HTTP and DNS port access.\n\n\n\nInstall Pi-hole default firewall rules?" ${r} ${c} || \
{ echo -e ":::\n::: Not installing firewall rulesets."; return 1; } { echo -e ":::\n::: Not installing firewall rulesets."; return 1; }
echo -e ":::\n:::\n Configuring FirewallD for httpd and dnsmasq." echo -e ":::\n:::\n Configuring FirewallD for httpd and dnsmasq."
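Review bot: The new test `if firewall-cmd --state &> /dev/null; then` treats every non-zero exit the same way, so a missing binary or a firewall-cmd that fails for some other reason is handled as "firewalld not running", and its stderr is discarded along with the status text. That is probably the intended fall-through, but nothing on the line says so; a comment above it such as `# exit status 0 means running; any other status (not running, not installed, error) falls through to the next firewall check` would record the decision. configureFirewall's body continues outside the hunk, so the branches that run after a non-zero status are not visible here.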


@ -67,9 +67,9 @@ def test_setupVars_saved_to_file(Pihole):
def test_configureFirewall_firewalld_running_no_errors(Pihole): def test_configureFirewall_firewalld_running_no_errors(Pihole):
''' confirms firewalld rules are applied when firewallD is running ''' ''' confirms firewalld rules are applied when firewallD is running '''
# firewallD returns 'running' as status # firewallD returns 'running' as status
mock_command('firewall-cmd', 'running', '0', Pihole) mock_command('firewall-cmd', {'*':('running', 0)}, Pihole)
# Whiptail dialog returns Ok for user prompt # Whiptail dialog returns Ok for user prompt
mock_command('whiptail', '', '0', Pihole) mock_command('whiptail', {'*':('', 0)}, Pihole)
configureFirewall = Pihole.run(''' configureFirewall = Pihole.run('''
source /opt/pihole/basic-install.sh source /opt/pihole/basic-install.sh
configureFirewall configureFirewall
@ -84,7 +84,7 @@ def test_configureFirewall_firewalld_running_no_errors(Pihole):
def test_configureFirewall_firewalld_disabled_no_errors(Pihole): def test_configureFirewall_firewalld_disabled_no_errors(Pihole):
''' confirms firewalld rules are not applied when firewallD is not running ''' ''' confirms firewalld rules are not applied when firewallD is not running '''
# firewallD returns non-running status # firewallD returns non-running status
mock_command('firewall-cmd', 'stopped', '0', Pihole) mock_command('firewall-cmd', {'*':('not running', '1')}, Pihole)
configureFirewall = Pihole.run(''' configureFirewall = Pihole.run('''
source /opt/pihole/basic-install.sh source /opt/pihole/basic-install.sh
configureFirewall configureFirewall
@ -95,9 +95,9 @@ def test_configureFirewall_firewalld_disabled_no_errors(Pihole):
def test_configureFirewall_firewalld_enabled_declined_no_errors(Pihole): def test_configureFirewall_firewalld_enabled_declined_no_errors(Pihole):
''' confirms firewalld rules are not applied when firewallD is running, user declines ruleset ''' ''' confirms firewalld rules are not applied when firewallD is running, user declines ruleset '''
# firewallD returns running status # firewallD returns running status
mock_command('firewall-cmd', 'running', '0', Pihole) mock_command('firewall-cmd', {'*':('running', 0)}, Pihole)
# Whiptail dialog returns Cancel for user prompt # Whiptail dialog returns Cancel for user prompt
mock_command('whiptail', '', '1', Pihole) mock_command('whiptail', {'*':('', 1)}, Pihole)
configureFirewall = Pihole.run(''' configureFirewall = Pihole.run('''
source /opt/pihole/basic-install.sh source /opt/pihole/basic-install.sh
configureFirewall configureFirewall
@ -117,11 +117,11 @@ def test_configureFirewall_no_firewall(Pihole):
def test_configureFirewall_IPTables_enabled_declined_no_errors(Pihole): def test_configureFirewall_IPTables_enabled_declined_no_errors(Pihole):
''' confirms IPTables rules are not applied when IPTables is running, user declines ruleset ''' ''' confirms IPTables rules are not applied when IPTables is running, user declines ruleset '''
# iptables command exists # iptables command exists
mock_command('iptables', '', '0', Pihole) mock_command('iptables', {'*':('', '0')}, Pihole)
# modinfo returns always true (ip_tables module check) # modinfo returns always true (ip_tables module check)
mock_command('modinfo', '', '0', Pihole) mock_command('modinfo', {'*':('', '0')}, Pihole)
# Whiptail dialog returns Cancel for user prompt # Whiptail dialog returns Cancel for user prompt
mock_command('whiptail', '', '1', Pihole) mock_command('whiptail', {'*':('', '1')}, Pihole)
configureFirewall = Pihole.run(''' configureFirewall = Pihole.run('''
source /opt/pihole/basic-install.sh source /opt/pihole/basic-install.sh
configureFirewall configureFirewall
@ -132,11 +132,11 @@ def test_configureFirewall_IPTables_enabled_declined_no_errors(Pihole):
def test_configureFirewall_IPTables_enabled_rules_exist_no_errors(Pihole): def test_configureFirewall_IPTables_enabled_rules_exist_no_errors(Pihole):
''' confirms IPTables rules are not applied when IPTables is running and rules exist ''' ''' confirms IPTables rules are not applied when IPTables is running and rules exist '''
# iptables command exists and returns 0 on calls (should return 0 on iptables -C) # iptables command exists and returns 0 on calls (should return 0 on iptables -C)
mock_command('iptables', '', '0', Pihole) mock_command('iptables', {'-S':('-P INPUT DENY', '0')}, Pihole)
# modinfo returns always true (ip_tables module check) # modinfo returns always true (ip_tables module check)
mock_command('modinfo', '', '0', Pihole) mock_command('modinfo', {'*':('', '0')}, Pihole)
# Whiptail dialog returns Cancel for user prompt # Whiptail dialog returns Cancel for user prompt
mock_command('whiptail', '', '0', Pihole) mock_command('whiptail', {'*':('', '0')}, Pihole)
configureFirewall = Pihole.run(''' configureFirewall = Pihole.run('''
source /opt/pihole/basic-install.sh source /opt/pihole/basic-install.sh
configureFirewall configureFirewall
@ -150,12 +150,12 @@ def test_configureFirewall_IPTables_enabled_rules_exist_no_errors(Pihole):
def test_configureFirewall_IPTables_enabled_not_exist_no_errors(Pihole): def test_configureFirewall_IPTables_enabled_not_exist_no_errors(Pihole):
''' confirms IPTables rules are applied when IPTables is running and rules do not exist ''' ''' confirms IPTables rules are applied when IPTables is running and rules do not exist '''
# iptables command and returns 1 on calls (should return 1 on iptables -C) # iptables command and returns 0 on calls (should return 1 on iptables -C)
mock_command('iptables', '', '1', Pihole) mock_command('iptables', {'-S':('-P INPUT DENY', '0'), '-C':('', 1), '-I':('', 0)}, Pihole)
# modinfo returns always true (ip_tables module check) # modinfo returns always true (ip_tables module check)
mock_command('modinfo', '', '0', Pihole) mock_command('modinfo', {'*':('', '0')}, Pihole)
# Whiptail dialog returns Cancel for user prompt # Whiptail dialog returns Cancel for user prompt
mock_command('whiptail', '', '0', Pihole) mock_command('whiptail', {'*':('', '0')}, Pihole)
configureFirewall = Pihole.run(''' configureFirewall = Pihole.run('''
source /opt/pihole/basic-install.sh source /opt/pihole/basic-install.sh
configureFirewall configureFirewall
@ -167,20 +167,26 @@ def test_configureFirewall_IPTables_enabled_not_exist_no_errors(Pihole):
assert 'iptables -I INPUT 1 -p tcp -m tcp --dport 80 -j ACCEPT' in firewall_calls assert 'iptables -I INPUT 1 -p tcp -m tcp --dport 80 -j ACCEPT' in firewall_calls
# Helper functions # Helper functions
def mock_command(script, result, retVal, container): def mock_command(script, args, container):
''' Allows for setup of commands we don't really want to have to run for real in unit tests ''' ''' Allows for setup of commands we don't really want to have to run for real in unit tests '''
''' TODO: support array of results that enable the results to change over multiple executions of a command '''
full_script_path = '/usr/local/bin/{}'.format(script) full_script_path = '/usr/local/bin/{}'.format(script)
mock_script = dedent('''\ mock_script = dedent('''\
#!/bin/bash -e #!/bin/bash -e
echo "\$0 \$@" >> /var/log/{script} echo "\$0 \$@" >> /var/log/{script}
echo {result} case "\$1" in'''.format(script=script))
exit {retcode} for k, v in args.iteritems():
'''.format(script=script, result=result,retcode=retVal)) case = dedent('''
{arg})
echo {res}
exit {retcode}
;;'''.format(arg=k, res=v[0], retcode=v[1]))
mock_script += case
mock_script += dedent('''
esac''')
container.run(''' container.run('''
cat <<EOF> {script}\n{content}\nEOF cat <<EOF> {script}\n{content}\nEOF
chmod +x {script} chmod +x {script}
'''.format(script=full_script_path, content=mock_script)) rm -f /var/log/{scriptlog}'''.format(script=full_script_path, content=mock_script, scriptlog=script))
def run_script(Pihole, script): def run_script(Pihole, script):
result = Pihole.run(script) result = Pihole.run(script)
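Review bot: In the rewritten `mock_command`, the `case` arms are emitted in `args.iteritems()` order, which is arbitrary for a plain dict on Python 2, so a `'*'` entry combined with specific flags could be written first and shadow them. None of the visible callers mix the two yet, but iterating with `for k in sorted(args, key=lambda a: a == '*'):` and reading `v = args[k]` keeps the catch-all arm last. The generated script also has no default arm, so an unmapped argument (for example `iptables -C` in the rules-exist test, which maps only `-S`) prints nothing and exits 0; the test appears to rely on that, and the docstring should say so. Return codes are passed both as ints and as strings (`0` versus `'0'`) across the call sites; settling on one form would make them easier to scan.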