Remove local firewall #817
base: master
Are you sure you want to change the base?
Conversation
backend/device_registry/models.py
Outdated
@@ -440,7 +440,8 @@ def zero_if_none(x): | |||
|
|||
return self.calculate_trust_score( | |||
app_armor_enabled=zero_if_none(self.deviceinfo.app_armor_enabled), | |||
firewall_enabled=self.firewallstate.policy == FirewallState.POLICY_ENABLED_BLOCK, | |||
firewall_enabled=(self.firewallstate.global_policy is not None |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is not None
is redundant here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No it's not. firewall_enabled
should be True or False, never None. Ifself.firewallstate.global_policy
is None and self.firewallstate.global_policy.policy
is not GlobalPolicy.POLICY_BLOCK
then self.firewallstate.global_policy and self.firewallstate.global_policy.policy == GlobalPolicy.POLICY_BLOCK
will evaluate to None.
@@ -787,27 +788,8 @@ class FirewallState(models.Model): | |||
device = models.OneToOneField(Device, on_delete=models.CASCADE) | |||
scan_date = models.DateTimeField(null=True, auto_now_add=True) | |||
rules = JSONField(blank=True, default=dict) | |||
policy = models.PositiveSmallIntegerField(choices=POLICY_CHOICES, default=POLICY_ENABLED_ALLOW) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we remove the POLICY_CHOICES declaration since it's not used?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
(firewallstate.policy != FirewallState.POLICY_ENABLED_BLOCK | ||
if firewallstate.global_policy is None | ||
else firewallstate.global_policy.policy != GlobalPolicy.POLICY_BLOCK) | ||
return firewallstate is not None \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure this line is correct
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe it's correct. If no Device has no firewallstate (which is unlikely) - it's not affected. If it has no global policy set or the global policy is not blocking - it's affected.
Please prove your point.
backend/device_registry/views.py
Outdated
portscan.save(update_fields=['block_networks']) | ||
# Submitted the removed `PortsForm` form. | ||
elif 'is_ports_form' in request.POST or 'is_connections_form' in request.POST: | ||
return HttpResponseForbidden() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why not HttpResponseBadRequest
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Removed (should be handled by serializer).
730adc4
to
87ed8a3
Compare
87ed8a3
to
8177ef3
Compare
Closes #770