Merge pull request #1087 from skalenetwork/fix-archive-firewall

Fix archive node firewall rules after node rotation
skalenetwork · Jul 10, 2024 · 1c28151 · 1c28151
2 parents e80597c + 4221a02
commit 1c28151
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 1 deletion.
diff --git a/core/schains/firewall/rule_controller.py b/core/schains/firewall/rule_controller.py
@@ -87,7 +87,7 @@ def get_missing(self) -> Dict['str', Any]:
         return missing
 
     def is_configured(self) -> bool:
-        return all((self.base_port, self.own_ip, self.node_ips))
+        return all((self.base_port, self.node_ips))
 
     def configure(
         self,

diff --git a/tests/firewall/rule_controller_test.py b/tests/firewall/rule_controller_test.py
@@ -150,6 +150,50 @@ def test_schain_rule_controller_configure():
     own_ip = '1.1.1.1'
     node_ips = ['1.1.1.1', '2.2.2.2', '3.3.3.3', '4.4.4.4']
     base_port = 10000
+
+    src.configure(base_port=base_port)
+    with pytest.raises(NotInitializedError):
+        src.public_ports()
+
+    src.configure(base_port=base_port, node_ips=node_ips)
+    assert list(src.public_ports) == [10003, 10008, 10002, 10007, 10009]
+
+    expected_rules = {
+        SChainRule(port=10000, first_ip='1.1.1.1', last_ip=None),
+        SChainRule(port=10000, first_ip='2.2.2.2', last_ip=None),
+        SChainRule(port=10000, first_ip='3.3.3.3', last_ip=None),
+        SChainRule(port=10000, first_ip='4.4.4.4', last_ip=None),
+        SChainRule(port=10001, first_ip='1.1.1.1', last_ip=None),
+        SChainRule(port=10001, first_ip='2.2.2.2', last_ip=None),
+        SChainRule(port=10001, first_ip='3.3.3.3', last_ip=None),
+        SChainRule(port=10001, first_ip='4.4.4.4', last_ip=None),
+        SChainRule(port=10002, first_ip=None, last_ip=None),
+        SChainRule(port=10003, first_ip=None, last_ip=None),
+        SChainRule(port=10004, first_ip='1.1.1.1', last_ip=None),
+        SChainRule(port=10004, first_ip='2.2.2.2', last_ip=None),
+        SChainRule(port=10004, first_ip='3.3.3.3', last_ip=None),
+        SChainRule(port=10004, first_ip='4.4.4.4', last_ip=None),
+        SChainRule(port=10005, first_ip='1.1.1.1', last_ip=None),
+        SChainRule(port=10005, first_ip='2.2.2.2', last_ip=None),
+        SChainRule(port=10005, first_ip='3.3.3.3', last_ip=None),
+        SChainRule(port=10005, first_ip='4.4.4.4', last_ip=None),
+        SChainRule(port=10007, first_ip=None, last_ip=None),
+        SChainRule(port=10008, first_ip=None, last_ip=None),
+        SChainRule(port=10009, first_ip=None, last_ip=None),
+        SChainRule(port=10010, first_ip='1.1.1.1', last_ip=None),
+        SChainRule(port=10010, first_ip='2.2.2.2', last_ip=None),
+        SChainRule(port=10010, first_ip='3.3.3.3', last_ip=None),
+        SChainRule(port=10010, first_ip='4.4.4.4', last_ip=None)
+    }
+    src.configure(base_port=base_port, node_ips=node_ips)
+
+    assert not src.is_rules_synced()
+    assert list(src.expected_rules()) == list(sorted(expected_rules))
+    src.sync()
+    assert src.is_rules_synced()
+    assert list(src.expected_rules()) == list(sorted(expected_rules))
+    assert list(src.actual_rules()) == list(sorted(expected_rules))
+
     expected_rules = {
         SChainRule(port=10000, first_ip='2.2.2.2', last_ip=None),
         SChainRule(port=10000, first_ip='3.3.3.3', last_ip=None),
@@ -173,6 +217,7 @@ def test_schain_rule_controller_configure():
         SChainRule(port=10010, first_ip='4.4.4.4', last_ip=None)
     }
     src.configure(base_port=base_port, own_ip=own_ip, node_ips=node_ips)
+
     assert not src.is_rules_synced()
     assert list(src.expected_rules()) == list(sorted(expected_rules))
     src.sync()