Remove root_helper arg from IptablesManager
Partially-Implements: blueprint rootwrap-daemon-mode Change-Id: I4b7da37df4256a1019f16c587e1738175861030e
This commit is contained in:
Terry Wilson
Henry Gessau
parent
04d2e9b412
commit
6095556f96
|
|
@ -165,7 +165,6 @@ class AgentMixin(object):
|
|||
self._external_gateway_added(ri, ex_gw_port, gw_interface_name,
|
||||
snat_ns_name, preserve_ips=[])
|
||||
ri.snat_iptables_manager = iptables_manager.IptablesManager(
|
||||
root_helper=self.root_helper,
|
||||
namespace=snat_ns_name,
|
||||
use_ipv6=self.use_ipv6)
|
||||
# kicks the FW Agent to add rules for the snat namespace
|
||||
|
|
|
|||
|
|
@ -47,7 +47,6 @@ class FipNamespace(object):
|
|||
self._subscribers = set()
|
||||
self._rule_priorities = set(range(FIP_PR_START, FIP_PR_END))
|
||||
self._iptables_manager = iptables_manager.IptablesManager(
|
||||
root_helper=self.root_helper,
|
||||
namespace=self.get_name(),
|
||||
use_ipv6=self.use_ipv6)
|
||||
path = os.path.join(agent_conf.state_path, 'fip-linklocal-networks')
|
||||
|
|
|
|||
|
|
@ -41,7 +41,6 @@ class RouterInfo(object):
|
|||
self.router = router
|
||||
self.ns_name = ns_name
|
||||
self.iptables_manager = iptables_manager.IptablesManager(
|
||||
root_helper=root_helper,
|
||||
use_ipv6=use_ipv6,
|
||||
namespace=self.ns_name)
|
||||
self.routes = []
|
||||
|
|
|
|||
|
|
@ -50,7 +50,6 @@ class IptablesFirewallDriver(firewall.FirewallDriver):
|
|||
def __init__(self):
|
||||
self.root_helper = cfg.CONF.AGENT.root_helper
|
||||
self.iptables = iptables_manager.IptablesManager(
|
||||
root_helper=self.root_helper,
|
||||
use_ipv6=ipv6_utils.is_enabled())
|
||||
# TODO(majopela, shihanzhang): refactor out ipset to a separate
|
||||
# driver composed over this one
|
||||
|
|
|
|||
|
|
@ -281,9 +281,8 @@ class IptablesManager(object):
|
|||
|
||||
"""
|
||||
|
||||
def __init__(self, _execute=None, state_less=False,
|
||||
root_helper=None, use_ipv6=False, namespace=None,
|
||||
binary_name=binary_name):
|
||||
def __init__(self, _execute=None, state_less=False, use_ipv6=False,
|
||||
namespace=None, binary_name=binary_name):
|
||||
if _execute:
|
||||
self.execute = _execute
|
||||
else:
|
||||
|
|
@ -291,7 +290,6 @@ class IptablesManager(object):
|
|||
|
||||
config.register_iptables_opts(cfg.CONF)
|
||||
self.use_ipv6 = use_ipv6
|
||||
self.root_helper = root_helper
|
||||
self.namespace = namespace
|
||||
self.iptables_apply_deferred = False
|
||||
self.wrap_name = binary_name[:16]
|
||||
|
|
@ -430,7 +428,7 @@ class IptablesManager(object):
|
|||
args = ['%s-save' % (cmd,), '-c']
|
||||
if self.namespace:
|
||||
args = ['ip', 'netns', 'exec', self.namespace] + args
|
||||
all_tables = self.execute(args, root_helper=self.root_helper)
|
||||
all_tables = self.execute(args, run_as_root=True)
|
||||
all_lines = all_tables.split('\n')
|
||||
# Traverse tables in sorted order for predictable dump output
|
||||
for table_name in sorted(tables):
|
||||
|
|
@ -444,7 +442,7 @@ class IptablesManager(object):
|
|||
args = ['ip', 'netns', 'exec', self.namespace] + args
|
||||
try:
|
||||
self.execute(args, process_input='\n'.join(all_lines),
|
||||
root_helper=self.root_helper)
|
||||
run_as_root=True)
|
||||
except RuntimeError as r_error:
|
||||
with excutils.save_and_reraise_exception():
|
||||
try:
|
||||
|
|
@ -693,8 +691,7 @@ class IptablesManager(object):
|
|||
args.append('-Z')
|
||||
if self.namespace:
|
||||
args = ['ip', 'netns', 'exec', self.namespace] + args
|
||||
current_table = (self.execute(args,
|
||||
root_helper=self.root_helper))
|
||||
current_table = self.execute(args, run_as_root=True)
|
||||
current_lines = current_table.split('\n')
|
||||
|
||||
for line in current_lines[2:]:
|
||||
|
|
|
|||
|
|
@ -73,7 +73,6 @@ class RouterWithMetering(object):
|
|||
self.root_helper = config.get_root_helper(self.conf)
|
||||
self.ns_name = NS_PREFIX + self.id if conf.use_namespaces else None
|
||||
self.iptables_manager = iptables_manager.IptablesManager(
|
||||
root_helper=self.root_helper,
|
||||
namespace=self.ns_name,
|
||||
binary_name=WRAP_NAME,
|
||||
use_ipv6=ipv6_utils.is_enabled())
|
||||
|
|
|
|||
|
|
@ -33,7 +33,6 @@ class IpsetBase(base.BaseIPVethTestCase):
|
|||
IPSET_SET)
|
||||
|
||||
self.dst_iptables = iptables_manager.IptablesManager(
|
||||
root_helper=self.root_helper,
|
||||
namespace=self.dst_ns.namespace)
|
||||
|
||||
self._add_iptables_ipset_rules(self.dst_iptables)
|
||||
|
|
|
|||
|
|
@ -35,10 +35,8 @@ class IptablesManagerTestCase(base.BaseIPVethTestCase):
|
|||
|
||||
def create_firewalls(self):
|
||||
client_iptables = iptables_manager.IptablesManager(
|
||||
root_helper=self.root_helper,
|
||||
namespace=self.client_ns.namespace)
|
||||
server_iptables = iptables_manager.IptablesManager(
|
||||
root_helper=self.root_helper,
|
||||
namespace=self.server_ns.namespace)
|
||||
|
||||
return client_iptables, server_iptables
|
||||
|
|
|
|||
|
|
@ -81,14 +81,6 @@ class IptablesDriverTestCase(base.BaseTestCase):
|
|||
self.metering = iptables_driver.IptablesMeteringDriver('metering',
|
||||
cfg.CONF)
|
||||
|
||||
def test_root_helper(self):
|
||||
self.metering.add_metering_label(None, TEST_ROUTERS)
|
||||
|
||||
self.iptables_cls.assert_called_with(root_helper='fake_sudo',
|
||||
namespace=mock.ANY,
|
||||
binary_name=mock.ANY,
|
||||
use_ipv6=mock.ANY)
|
||||
|
||||
def test_add_metering_label(self):
|
||||
routers = TEST_ROUTERS[:1]
|
||||
|
||||
|
|
|
|||
|
|
@ -132,9 +132,7 @@ class IptablesCommentsTestCase(base.BaseTestCase):
|
|||
super(IptablesCommentsTestCase, self).setUp()
|
||||
cfg.CONF.register_opts(a_cfg.IPTABLES_OPTS, 'AGENT')
|
||||
cfg.CONF.set_override('comment_iptables_rules', True, 'AGENT')
|
||||
self.root_helper = 'sudo'
|
||||
self.iptables = (iptables_manager.
|
||||
IptablesManager(root_helper=self.root_helper))
|
||||
self.iptables = iptables_manager.IptablesManager()
|
||||
self.execute = mock.patch.object(self.iptables, "execute").start()
|
||||
|
||||
def test_comments_short_enough(self):
|
||||
|
|
@ -157,20 +155,20 @@ class IptablesCommentsTestCase(base.BaseTestCase):
|
|||
|
||||
expected_calls_and_values = [
|
||||
(mock.call(['iptables-save', '-c'],
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
''),
|
||||
(mock.call(['iptables-restore', '-c'],
|
||||
process_input=(raw_dump + COMMENTED_NAT_DUMP +
|
||||
mangle_dump + filter_dump_mod),
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
None),
|
||||
(mock.call(['iptables-save', '-c'],
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
''),
|
||||
(mock.call(['iptables-restore', '-c'],
|
||||
process_input=(raw_dump + COMMENTED_NAT_DUMP +
|
||||
mangle_dump + FILTER_DUMP),
|
||||
root_helper=self.root_helper
|
||||
run_as_root=True
|
||||
),
|
||||
None),
|
||||
]
|
||||
|
|
@ -233,8 +231,7 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
|
|||
cfg.CONF.register_opts(a_cfg.IPTABLES_OPTS, 'AGENT')
|
||||
cfg.CONF.set_override('comment_iptables_rules', False, 'AGENT')
|
||||
self.root_helper = 'sudo'
|
||||
self.iptables = iptables_manager.IptablesManager(
|
||||
root_helper=self.root_helper)
|
||||
self.iptables = iptables_manager.IptablesManager()
|
||||
self.execute = mock.patch.object(self.iptables, "execute").start()
|
||||
|
||||
def test_binary_name(self):
|
||||
|
|
@ -254,27 +251,26 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
|
|||
def _extend_with_ip6tables_filter(self, expected_calls, filter_dump):
|
||||
expected_calls.insert(2, (
|
||||
mock.call(['ip6tables-save', '-c'],
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
''))
|
||||
expected_calls.insert(3, (
|
||||
mock.call(['ip6tables-restore', '-c'],
|
||||
process_input=filter_dump,
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
None))
|
||||
expected_calls.extend([
|
||||
(mock.call(['ip6tables-save', '-c'],
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
''),
|
||||
(mock.call(['ip6tables-restore', '-c'],
|
||||
process_input=filter_dump,
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
None)])
|
||||
|
||||
def _test_add_and_remove_chain_custom_binary_name_helper(self, use_ipv6):
|
||||
bn = ("abcdef" * 5)
|
||||
|
||||
self.iptables = iptables_manager.IptablesManager(
|
||||
root_helper=self.root_helper,
|
||||
binary_name=bn,
|
||||
use_ipv6=use_ipv6)
|
||||
self.execute = mock.patch.object(self.iptables, "execute").start()
|
||||
|
|
@ -294,20 +290,20 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
|
|||
|
||||
expected_calls_and_values = [
|
||||
(mock.call(['iptables-save', '-c'],
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
''),
|
||||
(mock.call(['iptables-restore', '-c'],
|
||||
process_input=(raw_dump + nat_dump + mangle_dump +
|
||||
filter_dump_mod),
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
None),
|
||||
(mock.call(['iptables-save', '-c'],
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
''),
|
||||
(mock.call(['iptables-restore', '-c'],
|
||||
process_input=(raw_dump + nat_dump + mangle_dump +
|
||||
filter_dump),
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
None),
|
||||
]
|
||||
if use_ipv6:
|
||||
|
|
@ -334,7 +330,6 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
|
|||
bn = ("abcdef" * 5)[:16]
|
||||
|
||||
self.iptables = iptables_manager.IptablesManager(
|
||||
root_helper=self.root_helper,
|
||||
binary_name=bn,
|
||||
use_ipv6=use_ipv6)
|
||||
self.execute = mock.patch.object(self.iptables, "execute").start()
|
||||
|
|
@ -355,20 +350,20 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
|
|||
|
||||
expected_calls_and_values = [
|
||||
(mock.call(['iptables-save', '-c'],
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
''),
|
||||
(mock.call(['iptables-restore', '-c'],
|
||||
process_input=(raw_dump + nat_dump + mangle_dump +
|
||||
filter_dump_mod),
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
None),
|
||||
(mock.call(['iptables-save', '-c'],
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
''),
|
||||
(mock.call(['iptables-restore', '-c'],
|
||||
process_input=(raw_dump + nat_dump + mangle_dump +
|
||||
filter_dump),
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
None),
|
||||
]
|
||||
if use_ipv6:
|
||||
|
|
@ -395,7 +390,6 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
|
|||
|
||||
def _test_add_and_remove_chain_helper(self, use_ipv6):
|
||||
self.iptables = iptables_manager.IptablesManager(
|
||||
root_helper=self.root_helper,
|
||||
use_ipv6=use_ipv6)
|
||||
self.execute = mock.patch.object(self.iptables, "execute").start()
|
||||
|
||||
|
|
@ -403,20 +397,20 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
|
|||
|
||||
expected_calls_and_values = [
|
||||
(mock.call(['iptables-save', '-c'],
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
''),
|
||||
(mock.call(['iptables-restore', '-c'],
|
||||
process_input=(RAW_DUMP + NAT_DUMP + MANGLE_DUMP +
|
||||
filter_dump_mod),
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
None),
|
||||
(mock.call(['iptables-save', '-c'],
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
''),
|
||||
(mock.call(['iptables-restore', '-c'],
|
||||
process_input=(RAW_DUMP + NAT_DUMP + MANGLE_DUMP +
|
||||
FILTER_DUMP),
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
None),
|
||||
]
|
||||
if use_ipv6:
|
||||
|
|
@ -441,7 +435,6 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
|
|||
|
||||
def _test_add_filter_rule_helper(self, use_ipv6):
|
||||
self.iptables = iptables_manager.IptablesManager(
|
||||
root_helper=self.root_helper,
|
||||
use_ipv6=use_ipv6)
|
||||
self.execute = mock.patch.object(self.iptables, "execute").start()
|
||||
|
||||
|
|
@ -455,20 +448,20 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
|
|||
|
||||
expected_calls_and_values = [
|
||||
(mock.call(['iptables-save', '-c'],
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
''),
|
||||
(mock.call(['iptables-restore', '-c'],
|
||||
process_input=(RAW_DUMP + NAT_DUMP + MANGLE_DUMP +
|
||||
filter_dump_mod),
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
None),
|
||||
(mock.call(['iptables-save', '-c'],
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
''),
|
||||
(mock.call(['iptables-restore', '-c'],
|
||||
process_input=(RAW_DUMP + NAT_DUMP + MANGLE_DUMP +
|
||||
FILTER_DUMP),
|
||||
root_helper=self.root_helper
|
||||
run_as_root=True
|
||||
),
|
||||
None),
|
||||
]
|
||||
|
|
@ -504,7 +497,6 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
|
|||
|
||||
def _test_rule_with_wrap_target_helper(self, use_ipv6):
|
||||
self.iptables = iptables_manager.IptablesManager(
|
||||
root_helper=self.root_helper,
|
||||
use_ipv6=use_ipv6)
|
||||
self.execute = mock.patch.object(self.iptables, "execute").start()
|
||||
|
||||
|
|
@ -537,20 +529,20 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
|
|||
|
||||
expected_calls_and_values = [
|
||||
(mock.call(['iptables-save', '-c'],
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
''),
|
||||
(mock.call(['iptables-restore', '-c'],
|
||||
process_input=(RAW_DUMP + NAT_DUMP + MANGLE_DUMP +
|
||||
filter_dump_mod),
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
None),
|
||||
(mock.call(['iptables-save', '-c'],
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
''),
|
||||
(mock.call(['iptables-restore', '-c'],
|
||||
process_input=(RAW_DUMP + NAT_DUMP + MANGLE_DUMP +
|
||||
FILTER_DUMP),
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
None),
|
||||
]
|
||||
if use_ipv6:
|
||||
|
|
@ -582,7 +574,6 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
|
|||
|
||||
def _test_add_mangle_rule_helper(self, use_ipv6):
|
||||
self.iptables = iptables_manager.IptablesManager(
|
||||
root_helper=self.root_helper,
|
||||
use_ipv6=use_ipv6)
|
||||
self.execute = mock.patch.object(self.iptables, "execute").start()
|
||||
|
||||
|
|
@ -607,20 +598,20 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
|
|||
|
||||
expected_calls_and_values = [
|
||||
(mock.call(['iptables-save', '-c'],
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
''),
|
||||
(mock.call(['iptables-restore', '-c'],
|
||||
process_input=(RAW_DUMP + NAT_DUMP + mangle_dump_mod +
|
||||
FILTER_DUMP),
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
None),
|
||||
(mock.call(['iptables-save', '-c'],
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
''),
|
||||
(mock.call(['iptables-restore', '-c'],
|
||||
process_input=(RAW_DUMP + NAT_DUMP + MANGLE_DUMP +
|
||||
FILTER_DUMP),
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
None),
|
||||
]
|
||||
if use_ipv6:
|
||||
|
|
@ -653,7 +644,6 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
|
|||
|
||||
def _test_add_nat_rule_helper(self, use_ipv6):
|
||||
self.iptables = iptables_manager.IptablesManager(
|
||||
root_helper=self.root_helper,
|
||||
use_ipv6=use_ipv6)
|
||||
self.execute = mock.patch.object(self.iptables, "execute").start()
|
||||
|
||||
|
|
@ -684,20 +674,20 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
|
|||
|
||||
expected_calls_and_values = [
|
||||
(mock.call(['iptables-save', '-c'],
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
''),
|
||||
(mock.call(['iptables-restore', '-c'],
|
||||
process_input=(RAW_DUMP + nat_dump_mod + MANGLE_DUMP +
|
||||
FILTER_DUMP),
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
None),
|
||||
(mock.call(['iptables-save', '-c'],
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
''),
|
||||
(mock.call(['iptables-restore', '-c'],
|
||||
process_input=(RAW_DUMP + nat_dump + MANGLE_DUMP +
|
||||
FILTER_DUMP),
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
None),
|
||||
]
|
||||
if use_ipv6:
|
||||
|
|
@ -736,7 +726,6 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
|
|||
|
||||
def _test_add_raw_rule_helper(self, use_ipv6):
|
||||
self.iptables = iptables_manager.IptablesManager(
|
||||
root_helper=self.root_helper,
|
||||
use_ipv6=use_ipv6)
|
||||
self.execute = mock.patch.object(self.iptables, "execute").start()
|
||||
|
||||
|
|
@ -754,20 +743,20 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
|
|||
|
||||
expected_calls_and_values = [
|
||||
(mock.call(['iptables-save', '-c'],
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
''),
|
||||
(mock.call(['iptables-restore', '-c'],
|
||||
process_input=(raw_dump_mod + NAT_DUMP + MANGLE_DUMP +
|
||||
FILTER_DUMP),
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
None),
|
||||
(mock.call(['iptables-save', '-c'],
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
''),
|
||||
(mock.call(['iptables-restore', '-c'],
|
||||
process_input=(RAW_DUMP + NAT_DUMP + MANGLE_DUMP +
|
||||
FILTER_DUMP),
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
None),
|
||||
]
|
||||
if use_ipv6:
|
||||
|
|
@ -890,7 +879,6 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
|
|||
|
||||
def _test_get_traffic_counters_helper(self, use_ipv6):
|
||||
self.iptables = iptables_manager.IptablesManager(
|
||||
root_helper=self.root_helper,
|
||||
use_ipv6=use_ipv6)
|
||||
self.execute = mock.patch.object(self.iptables, "execute").start()
|
||||
exp_packets = 800
|
||||
|
|
@ -899,26 +887,26 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
|
|||
expected_calls_and_values = [
|
||||
(mock.call(['iptables', '-t', 'filter', '-L', 'OUTPUT',
|
||||
'-n', '-v', '-x'],
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
TRAFFIC_COUNTERS_DUMP),
|
||||
(mock.call(['iptables', '-t', 'raw', '-L', 'OUTPUT', '-n',
|
||||
'-v', '-x'],
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
''),
|
||||
(mock.call(['iptables', '-t', 'mangle', '-L', 'OUTPUT', '-n',
|
||||
'-v', '-x'],
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
''),
|
||||
(mock.call(['iptables', '-t', 'nat', '-L', 'OUTPUT', '-n',
|
||||
'-v', '-x'],
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
''),
|
||||
]
|
||||
if use_ipv6:
|
||||
expected_calls_and_values.append(
|
||||
(mock.call(['ip6tables', '-t', 'filter', '-L', 'OUTPUT',
|
||||
'-n', '-v', '-x'],
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
TRAFFIC_COUNTERS_DUMP))
|
||||
exp_packets *= 2
|
||||
exp_bytes *= 2
|
||||
|
|
@ -940,7 +928,6 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
|
|||
|
||||
def _test_get_traffic_counters_with_zero_helper(self, use_ipv6):
|
||||
self.iptables = iptables_manager.IptablesManager(
|
||||
root_helper=self.root_helper,
|
||||
use_ipv6=use_ipv6)
|
||||
self.execute = mock.patch.object(self.iptables, "execute").start()
|
||||
exp_packets = 800
|
||||
|
|
@ -949,26 +936,26 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
|
|||
expected_calls_and_values = [
|
||||
(mock.call(['iptables', '-t', 'filter', '-L', 'OUTPUT',
|
||||
'-n', '-v', '-x', '-Z'],
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
TRAFFIC_COUNTERS_DUMP),
|
||||
(mock.call(['iptables', '-t', 'raw', '-L', 'OUTPUT', '-n',
|
||||
'-v', '-x', '-Z'],
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
''),
|
||||
(mock.call(['iptables', '-t', 'mangle', '-L', 'OUTPUT', '-n',
|
||||
'-v', '-x', '-Z'],
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
''),
|
||||
(mock.call(['iptables', '-t', 'nat', '-L', 'OUTPUT', '-n',
|
||||
'-v', '-x', '-Z'],
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
'')
|
||||
]
|
||||
if use_ipv6:
|
||||
expected_calls_and_values.append(
|
||||
(mock.call(['ip6tables', '-t', 'filter', '-L', 'OUTPUT',
|
||||
'-n', '-v', '-x', '-Z'],
|
||||
root_helper=self.root_helper),
|
||||
run_as_root=True),
|
||||
TRAFFIC_COUNTERS_DUMP))
|
||||
exp_packets *= 2
|
||||
exp_bytes *= 2
|
||||
|
|
|
|||
|
|
@ -2633,22 +2633,22 @@ class TestSecurityGroupAgentWithIptables(base.BaseTestCase):
|
|||
def _replay_iptables(self, v4_filter, v6_filter):
|
||||
self._register_mock_call(
|
||||
['iptables-save', '-c'],
|
||||
root_helper=self.root_helper,
|
||||
run_as_root=True,
|
||||
return_value='')
|
||||
self._register_mock_call(
|
||||
['iptables-restore', '-c'],
|
||||
process_input=self._regex(IPTABLES_RAW + IPTABLES_NAT +
|
||||
IPTABLES_MANGLE + v4_filter),
|
||||
root_helper=self.root_helper,
|
||||
run_as_root=True,
|
||||
return_value='')
|
||||
self._register_mock_call(
|
||||
['ip6tables-save', '-c'],
|
||||
root_helper=self.root_helper,
|
||||
run_as_root=True,
|
||||
return_value='')
|
||||
self._register_mock_call(
|
||||
['ip6tables-restore', '-c'],
|
||||
process_input=self._regex(v6_filter),
|
||||
root_helper=self.root_helper,
|
||||
run_as_root=True,
|
||||
return_value='')
|
||||
|
||||
def test_prepare_remove_port(self):
|
||||
|
|
|
|||
Loading…
Reference in New Issue