From b388398d8c4b9859fba9b45371239bd2e5d6bfd4 Mon Sep 17 00:00:00 2001 From: Eric Garver Date: Thu, 24 May 2018 16:30:41 -0400 Subject: [PATCH 5/5] tests/firewall-cmd: exercise --check-config This exercises the --check-config option for both firewall-cmd and firewall-offline-cmd. We also remove the explicit check in config/Makefile as it's now part of the normal testsuite. (cherry picked from commit c2bd43e71018ca4e43141ca93fab352e344f4a30) --- src/tests/firewall-cmd.at | 374 ++++++++++++++++++++++++++++++++++++++++++++++ src/tests/functions.at | 3 + 2 files changed, 377 insertions(+) diff --git a/src/tests/firewall-cmd.at b/src/tests/firewall-cmd.at index 7364e9770d27..92cade844b9e 100644 --- a/src/tests/firewall-cmd.at +++ b/src/tests/firewall-cmd.at @@ -840,3 +840,377 @@ FWD_END_TEST([-e '/ERROR: INVALID_RULE:/d' dnl -e '/ERROR: INVALID_LOG_LEVEL: eror/d' dnl -e '/ERROR: MISSING_FAMILY/d' dnl -e '/ERROR: INVALID_LIMIT: 1\/2m/d']) + +FWD_START_TEST([config validation]) + dnl default config + FWD_CHECK([--check-config], 0, ignore) + + dnl The rest of these are negative test cases. + + dnl firewalld.conf + AT_CHECK([cp ./firewalld.conf ./firewalld.conf.orig]) + AT_CHECK([echo "SomeBogusField=yes" >> ./firewalld.conf]) + FWD_CHECK([--check-config], 0, ignore, [dnl +m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [dnl +ERROR: Invalid option: 'SomeBogusField=yes' +ERROR: Invalid option: 'SomeBogusField=yes' +])]) + AT_CHECK([cp ./firewalld.conf.orig ./firewalld.conf]) + + dnl direct + AT_DATA([./direct.xml], [dnl + + + + +]) + FWD_CHECK([--check-config], 111, ignore, ignore) + + AT_DATA([./direct.xml], [dnl + + + + +]) + FWD_CHECK([--check-config], 28, ignore, ignore) + AT_CHECK([rm ./direct.xml]) + + dnl lockdown-whitelist + AT_DATA([./lockdown-whitelist.xml], [dnl + + + + +]) + FWD_CHECK([--check-config], 28, ignore, ignore) + + AT_DATA([./lockdown-whitelist.xml], [dnl + + + + +]) + FWD_CHECK([--check-config], 28, ignore, ignore) + + AT_DATA([./lockdown-whitelist.xml], [dnl + + + + +]) + FWD_CHECK([--check-config], 28, ignore, ignore) + AT_CHECK([rm ./lockdown-whitelist.xml]) + + dnl ipset + AT_CHECK([mkdir -p ./ipsets]) + AT_DATA([./ipsets/foobar.xml], [dnl + + + 12:34:56:78:90 + +]) + FWD_CHECK([--check-config], 0, ignore, [dnl +m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [dnl +WARNING: INVALID_ENTRY: invalid mac address '12:34:56:78:90' in '12:34:56:78:90', ignoring. +WARNING: INVALID_ENTRY: invalid mac address '12:34:56:78:90' in '12:34:56:78:90', ignoring. +])]) + + AT_DATA([./ipsets/foobar.xml], [dnl + + + 12:34:56:78:90:ab + +]) + FWD_CHECK([--check-config], 28, ignore, ignore) + + AT_DATA([./ipsets/foobar.xml], [dnl + + + +]) + FWD_CHECK([--check-config], 119, ignore, ignore) + AT_CHECK([rm ./ipsets/foobar.xml]) + + dnl helpers + AT_CHECK([mkdir -p ./helpers]) + AT_DATA([./helpers/foobar.xml], [dnl + + + +]) + FWD_CHECK([--check-config], 28, ignore, ignore) + + AT_DATA([./helpers/foobar.xml], [dnl + + + +]) + FWD_CHECK([--check-config], 111, ignore, ignore) + + AT_DATA([./helpers/foobar.xml], [dnl + + + + +]) + FWD_CHECK([--check-config], 103, ignore, ignore) + AT_CHECK([rm ./helpers/foobar.xml]) + + dnl icmptype + AT_CHECK([mkdir -p ./icmptypes]) + AT_DATA([./icmptypes/foobar.xml], [dnl + + + + +]) + FWD_CHECK([--check-config], 28, ignore, ignore) + + AT_DATA([./icmptypes/foobar.xml], [dnl + + + + +]) + FWD_CHECK([--check-config], 28, ignore, ignore) + AT_CHECK([rm ./icmptypes/foobar.xml]) + + dnl services + AT_CHECK([mkdir -p ./services]) + AT_DATA([./services/foobar.xml], [dnl + + + + +]) + FWD_CHECK([--check-config], 103, ignore, ignore) + + AT_DATA([./services/foobar.xml], [dnl + + + + +]) + FWD_CHECK([--check-config], 28, ignore, ignore) + + AT_DATA([./services/foobar.xml], [dnl + + + + +]) + FWD_CHECK([--check-config], 28, ignore, ignore) + + AT_DATA([./services/foobar.xml], [dnl + + + + +]) + FWD_CHECK([--check-config], 28, ignore, ignore) + + AT_DATA([./services/foobar.xml], [dnl + + + + +]) + FWD_CHECK([--check-config], 103, ignore, ignore) + + AT_DATA([./services/foobar.xml], [dnl + + + + +]) + FWD_CHECK([--check-config], 102, ignore, ignore) + + AT_DATA([./services/foobar.xml], [dnl + + + + + +]) + FWD_CHECK([--check-config], 102, ignore, ignore) + + AT_DATA([./services/foobar.xml], [dnl + + + + +]) + FWD_CHECK([--check-config], 28, ignore, ignore) + AT_CHECK([rm ./services/foobar.xml]) + + dnl zones + AT_CHECK([mkdir -p ./zones]) + AT_DATA([./zones/foobar.xml], [dnl + +]) + FWD_CHECK([--check-config], 112, ignore, ignore) + + AT_DATA([./zones/foobar.xml], [dnl + + + + +]) + FWD_CHECK([--check-config], 101, ignore, ignore) + + AT_DATA([./zones/foobar.xml], [dnl + + + + +]) + FWD_CHECK([--check-config], 28, ignore, ignore) + + AT_DATA([./zones/foobar.xml], [dnl + + + + +]) + FWD_CHECK([--check-config], 103, ignore, ignore) + + AT_DATA([./zones/foobar.xml], [dnl + + + + +]) + FWD_CHECK([--check-config], 28, ignore, ignore) + + AT_DATA([./zones/foobar.xml], [dnl + + + + +]) + FWD_CHECK([--check-config], 28, ignore, ignore) + + AT_DATA([./zones/foobar.xml], [dnl + + + + +]) + FWD_CHECK([--check-config], 28, ignore, ignore) + + AT_DATA([./zones/foobar.xml], [dnl + + + + +]) + FWD_CHECK([--check-config], 28, ignore, ignore) + + AT_DATA([./zones/foobar.xml], [dnl + + + + +]) + FWD_CHECK([--check-config], 28, ignore, ignore) + + AT_DATA([./zones/foobar.xml], [dnl + + + + +]) + FWD_CHECK([--check-config], 28, ignore, ignore) + + AT_DATA([./zones/foobar.xml], [dnl + + + + +]) + FWD_CHECK([--check-config], 28, ignore, ignore) + + AT_DATA([./zones/foobar.xml], [dnl + + + + +]) + FWD_CHECK([--check-config], 0, ignore, [dnl +m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [dnl +WARNING: Invalid source: No address no ipset. +WARNING: Invalid source: No address no ipset. +])]) + + AT_DATA([./zones/foobar.xml], [dnl + + + + + + + +]) + FWD_CHECK([--check-config], 28, ignore, ignore) + + AT_DATA([./zones/foobar.xml], [dnl + + + + + + + + + +]) + FWD_CHECK([--check-config], 0, ignore, [dnl +m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [dnl +WARNING: INVALID_LIMIT: none: rule family="ipv4" source address="10.0.0.1/24" accept limit value="none" +WARNING: INVALID_LIMIT: none: rule family="ipv4" source address="10.0.0.1/24" accept limit value="none" +])]) + + AT_DATA([./zones/foobar.xml], [dnl + + + + + + + +]) + FWD_CHECK([--check-config], 0, ignore, [dnl +m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [dnl +WARNING: Invalid rule: Invalid log level +WARNING: Invalid rule: Invalid log level +])]) + + AT_DATA([./zones/foobar.xml], [dnl + + + + + + + +]) + FWD_CHECK([--check-config], 28, ignore, ignore) + + AT_DATA([./zones/foobar.xml], [dnl + + + + + + + +]) + FWD_CHECK([--check-config], 0, ignore, [dnl +m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [dnl +WARNING: INVALID_ADDR: 10.0.0.1/24: rule family="ipv6" source address="10.0.0.1/24" accept +WARNING: INVALID_ADDR: 10.0.0.1/24: rule family="ipv6" source address="10.0.0.1/24" accept +])]) + AT_CHECK([rm ./zones/foobar.xml]) + +FWD_END_TEST([-e '/ERROR:/d'dnl + -e '/WARNING:/d']) diff --git a/src/tests/functions.at b/src/tests/functions.at index 7bd66d5c74fe..d9b1ce401bb0 100644 --- a/src/tests/functions.at +++ b/src/tests/functions.at @@ -122,6 +122,9 @@ m4_define([FWD_CHECK], [ m4_if(-1, m4_index([$1], [-default-zone]), [], [ m4_define([FWD_CHECK_RUN_FIREWALL_OFFLINE_CMD]) ]) + m4_if(-1, m4_index([$1], [--check-config]), [], [ + m4_define([FWD_CHECK_RUN_FIREWALL_OFFLINE_CMD]) + ]) ], [ m4_if(-1, m4_index([$1], [--timeout]), [ m4_define([FWD_CHECK_RUN_FIREWALL_OFFLINE_CMD]) -- 2.16.3