Add Google DNS and request verification

Author: evanyeyeye

restful_tango/tangoREST.py

@@ -169,7 +169,11 @@ def convertJobObj(self, dirName, jobObj):
         if "disable_network" in jobObj and isinstance(jobObj["disable_network"], bool):
             disableNetwork = jobObj["disable_network"]
 
-        allowedOutgoingIPs = jobObj["allowed_outgoing_ips"]
+        allowedOutgoingIPs = None
+        if "allowed_outgoing_ips" in jobObj and isinstance(
+            jobObj["allowed_outgoing_ips"], list
+        ):
+            allowedOutgoingIPs = jobObj["allowed_outgoing_ips"]
 
         job = TangoJob(
             name=name,

tangoObjects.py

@@ -115,7 +115,7 @@ def __init__(
         self.accessKeyId = accessKeyId
         self.accessKey = accessKey
         self.disableNetwork = disableNetwork
-        self.allowedOutgoingIPs = (allowedOutgoingIPs,)
+        self.allowedOutgoingIPs = allowedOutgoingIPs
 
     def makeAssigned(self):
         self.syncRemote()

vmms/localDocker.py

@@ -165,6 +165,8 @@ def runJob(
             args = args + ["-m", f"{vm.memory}m"]
         if disableNetwork:
             args = args + ["--network", "none"]
+        if not disableNetwork and allowedOutgoingIPs:
+            args = args + ["--dns", "8.8.8.8", "--cap-add=NET_ADMIN"]
         args = args + [vm.image]
         args = args + ["sh", "-c"]
 
@@ -180,6 +182,7 @@ def runJob(
 
         iptablesCmd = ""
         if not disableNetwork and allowedOutgoingIPs:
+            iptablesCmd += f"iptables -A OUTPUT -d 8.8.8.8 -j ACCEPT; "
             for IP in allowedOutgoingIPs:
                 iptablesCmd += f"iptables -A OUTPUT -d {IP} -j ACCEPT; "
             iptablesCmd += "iptables -A OUTPUT -j DROP;"