elif opts.new_zone:
if 'zones' not in data:
data['zones'] = []
- data['zones'].append(opts.new_zone)
+ if opts.new_zone not in data['zones']:
+ data['zones'].append(opts.new_zone)
elif opts.get_zones:
if 'zones' in data:
for zone in data['zones']:
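Review bot: The new guard `if opts.new_zone not in data['zones']:` silently accepts a repeated `--new-zone`, and nothing in the hunk says why. A one-line comment above it would record the intent, for example `# Skip zones that are already stored so re-applying a policy does not duplicate entries`. The same comment would fit the interface and rich-rule guards added in the later hunks. If the real tool reports an error for an existing zone name, that difference from the stub is worth stating in the comment as well. The enclosing `elif` chain starts and ends outside this hunk.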
data['zone_interfaces'] = {}
if opts.zone not in data['zone_interfaces'].keys():
data['zone_interfaces'][opts.zone] = []
- data['zone_interfaces'][opts.zone].append(opts.add_interface)
+ if opts.add_interface not in data['zone_interfaces'][opts.zone]:
+ data['zone_interfaces'][opts.zone].append(opts.add_interface)
elif opts.add_rich_rule:
assert opts.zone
if 'rules' not in data:
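Review bot: The duplicate check `if opts.add_interface not in data['zone_interfaces'][opts.zone]:` looks only at the target zone's list, so the same interface can still end up listed under two different zones. If this stub is meant to mirror a firewall where an interface belongs to a single zone, a test could pass against a state the real tool would reject. Consider checking the other zones' lists before appending, or add a comment such as `# NOTE: uniqueness is enforced per zone only; cross-zone conflicts are not modelled`. The code that initialises `data['zone_interfaces']` is only partly visible in this hunk.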
# Test rule parsing if firewalld is installed
if Rich_Rule:
# Parsing failure will throw an exception
- data['rules'][opts.zone].append(str(Rich_Rule(rule_str=opts.add_rich_rule)))
+ rule = str(Rich_Rule(rule_str=opts.add_rich_rule))
else:
- data['rules'][opts.zone].append(opts.add_rich_rule)
+ rule = opts.add_rich_rule
+ if rule not in data['rules'][opts.zone]:
+ data['rules'][opts.zone].append(rule)
elif opts.remove_rich_rule:
assert opts.zone
assert 'rules' in data
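Review bot: The new check `if rule not in data['rules'][opts.zone]:` compares string forms, and `rule` is only normalised through `str(Rich_Rule(...))` when `Rich_Rule` is available. In the `else` path the raw `opts.add_rich_rule` text is compared, so two spellings of the same rule (different spacing or attribute order) would both be stored, and the stored state would differ between hosts with and without firewalld installed. The `--remove-rich-rule` branch continues outside this hunk; it presumably needs to look up the same normalised form, otherwise a rule added in one form cannot be removed in the other. A short comment above the check, such as `# Compare the normalised rule text; without Rich_Rule only exact string matches count as duplicates`, would make that limitation explicit.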
b'service name="ftp" reject']
self.assertIn(out.strip(), rules, 'Failed to set rich rule')
+ # Check that modifying the policy will enforce the correct settings
+ entries = [e for e in parser.pol_file.entries if e.data != 'home']
+ self.assertEquals(len(entries), len(parser.pol_file.entries)-1,
+ 'Failed to remove the home zone entry')
+ parser.pol_file.entries = entries
+ parser.pol_file.num_entries = len(entries)
+ # Stage the Registry.pol file with altered test data
+ unstage_file(reg_pol)
+ ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
+ self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
+
+ # Enforce the altered policy
+ ext.process_group_policy([], gpos)
+
+ # Check that the home zone was removed
+ cmd = [firewall_cmd, '--get-zones']
+ p = Popen(cmd, stdout=PIPE, stderr=PIPE)
+ out, err = p.communicate()
+ self.assertIn(b'work', out, 'Failed to apply zones')
+ self.assertNotIn(b'home', out, 'Failed to apply zones')
# Verify RSOP does not fail
ext.rsop([g for g in gpos if g.name == guid][0])
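Review bot: The added `self.assertEquals(...)` uses the deprecated alias of `assertEqual`, which was removed from `unittest` in Python 3.12, so this check would raise `AttributeError` there instead of testing anything; use `self.assertEqual(len(entries), len(parser.pol_file.entries) - 1, 'Failed to remove the home zone entry')`. The removal check `self.assertNotIn(b'home', out, ...)` is a substring test on the raw output, so any zone name that merely contains `home` would make it fail, and `b'work'` would match inside a longer name. Assuming the command prints whitespace-separated zone names, `zones = out.split()` followed by `self.assertIn(b'work', zones, ...)` and `self.assertNotIn(b'home', zones, ...)` states the intent exactly. The exit status of the `Popen` call is also not checked before the output is trusted. The test method starts and ends outside this hunk.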