linode_api4-python/test/integration/models/firewall/test_firewall.py at 4f1978b65a55840aa3bc5f167c0ee4a4b9a0c065 · linode/linode_api4-python · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
import time
from test.integration.conftest import get_region
from test.integration.helpers import get_test_label

import pytest

from linode_api4.objects import Firewall, FirewallDevice


@pytest.fixture(scope="session")
def linode_fw(test_linode_client):
    client = test_linode_client
    region = get_region(client, {"Linodes", "Cloud Firewall"}, site_type="core")
    label = get_test_label()

    linode_instance, password = client.linode.instance_create(
        "g6-nanode-1", region, image="linode/debian12", label=label
    )

    yield linode_instance

    linode_instance.delete()


@pytest.mark.smoke
def test_get_firewall_rules(test_linode_client, test_firewall):
    firewall = test_linode_client.load(Firewall, test_firewall.id)
    rules = firewall.rules

    assert rules.inbound_policy in ["ACCEPT", "DROP"]
    assert rules.outbound_policy in ["ACCEPT", "DROP"]
    assert isinstance(rules.version, int)
    assert rules.version > 0
    assert isinstance(rules.fingerprint, str)
    assert len(rules.fingerprint) > 0


@pytest.mark.smoke
def test_update_firewall_rules(test_linode_client, test_firewall):
    firewall = test_linode_client.load(Firewall, test_firewall.id)
    new_rules = {
        "inbound": [
            {
                "action": "ACCEPT",
                "addresses": {
                    "ipv4": ["0.0.0.0/0"],
                    "ipv6": ["ff00::/8"],
                },
                "description": "A really cool firewall rule.",
                "label": "really-cool-firewall-rule",
                "ports": "80",
                "protocol": "TCP",
            }
        ],
        "inbound_policy": "ACCEPT",
        "outbound": [],
        "outbound_policy": "DROP",
    }

    firewall.update_rules(new_rules)

    time.sleep(1)

    firewall = test_linode_client.load(Firewall, test_firewall.id)

    assert firewall.rules.inbound_policy == "ACCEPT"
    assert firewall.rules.outbound_policy == "DROP"
    assert isinstance(firewall.rules.version, int)
    assert firewall.rules.version > 0
    assert isinstance(firewall.rules.fingerprint, str)
    assert len(firewall.rules.fingerprint) > 0


def test_get_devices(test_linode_client, linode_fw, test_firewall):
    linode = linode_fw

    test_firewall.device_create(int(linode.id))

    firewall = test_linode_client.load(Firewall, test_firewall.id)

    assert len(firewall.devices) > 0


def test_get_device(test_linode_client, test_firewall, linode_fw):
    firewall = test_firewall

    firewall_device = test_linode_client.load(
        FirewallDevice, firewall.devices.first().id, firewall.id
    )

    assert firewall_device.entity.type == "linode"
    assert "/v4/linode/instances/" in firewall_device.entity.url