use warnings;
use Data::Dumper;
use PVE::Firewall;
+use Getopt::Long;
+use File::Basename;
my $mark;
my $trace;
my $debug = 0;
+sub print_usage_and_exit {
+ die "usage: $0 [--debug] [testfile [testid]]\n";
+}
+
+if (!GetOptions ('debug' => \$debug)) {
+ print_usage_and_exit();
+}
+
+my $testfilename = shift;
+my $testid = shift;
+
sub add_trace {
my ($text) = @_;
}
sub run_tests {
- my ($vmdata, $testdir) = @_;
+ my ($vmdata, $testdir, $testfile, $testid) = @_;
+
+ $testfile = 'tests' if !$testfile;
$vmdata->{testdir} = $testdir;
my ($ruleset, $ipset_ruleset) =
PVE::Firewall::compile(undef, undef, $vmdata);
- my $testfile = "$testdir/tests";
- my $fh = IO::File->new($testfile) ||
- die "unable to open '$testfile' - $!\n";
+ my $filename = "$testdir/$testfile";
+ my $fh = IO::File->new($filename) ||
+ die "unable to open '$filename' - $!\n";
+ my $testcount = 0;
while (defined(my $line = <$fh>)) {
next if $line =~ m/^\s*$/;
next if $line =~ m/^#.*$/;
if ($line =~ m/^\{.*\}\s*$/) {
my $test = eval $line;
die $@ if $@;
+ next if defined($testid) && (!defined($test->{id}) || ($testid ne $test->{id}));
$trace = '';
print Dumper($ruleset) if $debug;
+ $testcount++;
eval { simulate_firewall($ruleset, $ipset_ruleset, $vmdata, $test); };
if (my $err = $@) {
print "$trace\n" if !$debug;
- print "$testfile line $.: $line";
+ print "$filename line $.: $line";
print "test failed: $err\n";
}
}
- print "PASS: $testfile\n";
+ die "no tests found\n" if $testcount <= 0;
+
+ print "PASS: $filename\n";
return undef;
}
},
};
-foreach my $dir (<test-*>) {
- next if ! -d $dir;
- run_tests($vmdata, $dir);
+if ($testfilename) {
+ my $testfile;
+ my $dir;
+
+ if (-d $testfilename) {
+ $dir = $testfilename;
+ } elsif (-f $testfilename) {
+ $dir = dirname($testfilename);
+ $testfile = basename($testfilename);
+ } else {
+ die "no such file/dir '$testfilename'\n";
+ }
+
+ run_tests($vmdata, $dir, $testfile, $testid);
+
+} else {
+ foreach my $dir (<test-*>) {
+ next if ! -d $dir;
+ run_tests($vmdata, $dir);
+ }
}
print "OK - all tests passed\n";
{ from => 'vm100' , to => 'ct200', dport => 22, action => 'ACCEPT' }
{ from => 'vm101', to => 'vm100', dport => 22, action => 'DROP' }
-{ from => 'vm101', to => 'vm100', dport => 443, action => 'ACCEPT' }
+{ from => 'vm101', to => 'vm100', dport => 443, action => 'ACCEPT', id => 'vm2vm'}
{ from => 'ct201', to => 'ct200', dport => 22, action => 'ACCEPT' }
{ from => 'ct201', to => 'ct200', dport => 23, action => 'DROP' }
{ from => 'outside', to => 'host', dport => 22, action => 'ACCEPT' }
{ from => 'outside', to => 'host', dport => 23, action => 'DROP' }
-{ from => 'host' , to => 'outside', dport => 80, action => 'ACCEPT' }
+{ from => 'host' , to => 'outside', dport => 80, action => 'ACCEPT'}
{ from => 'host' , to => 'outside', dport => 81, action => 'REJECT' }
{ from => 'vm100' , to => 'outside', dport => 80, action => 'ACCEPT' }
{ from => 'vm100' , to => 'outside', dport => 81, action => 'REJECT' }
projects / pve-firewall.git / commitdiff