From d00ce2c194163e2222857b7c5e9e9d2223fe0df7 Mon Sep 17 00:00:00 2001
From: Will Dower
Date: Mon, 12 Jul 2021 11:44:13 -0400
Subject: [PATCH] updated docs for resource
Signed-off-by: Will Dower
---
 .../content/inspec/resources/firewalld.md | 43 ++++++++++++++++---
 test/unit/resources/firewalld_test.rb | 2 +-
 2 files changed, 39 insertions(+), 6 deletions(-)
diff --git a/docs-chef-io/content/inspec/resources/firewalld.md b/docs-chef-io/content/inspec/resources/firewalld.md
index 7429a96c3..1cafc9039 100644
--- a/docs-chef-io/content/inspec/resources/firewalld.md
+++ b/docs-chef-io/content/inspec/resources/firewalld.md
@@ -45,7 +45,20 @@ Use the where clause to test open interfaces, sources, and services that are in
 ## Properties
-### `interfaces`
+- `interfaces`
+- `sources`
+- `services`
+- `target`
+- `ports`
+- `protocols`
+- `forward_ports`
+- `source_ports`
+- `icmp_blocks`
+- `rich_rules`
+
+## Property Examples
+
+### interfaces
 The `interfaces` property is used in conjunction with the where class to display open interfaces in an active zone.
@@ -77,12 +90,20 @@ The `target` property is used in conjunction with the where class to display the
 its('target') { should cmp ['default'] } # or ['DROP'], ['ACCEPT'], etc.
 end
-### icmp_block_inversion
+### ports
-The `icmp_block_inversion` property is used in conjunction with the where class to display whether inversion of icmp blocks has been enabled for a zone.
+The `ports` property is used in conjunction with the where class to display the ports used by an active zone.
 describe firewalld.where { zone == 'public' } do
- its('target') { should cmp ['default'] } # or ['DROP'], ['ACCEPT'], etc.
+ its('ports') { should cmp ["80/tcp", "443/tcp"] }
+ end
+
+### protocols
+
+The `protocols` property is used in conjunction with the where class to display the protocols used by an active zone.
+
+ describe firewalld.where { zone == 'public' } do
+ its('protocols') { should cmp ["icmp", "ipv4"] }
 end
 ### default_zone
@@ -131,4 +152,16 @@ The `be_running` matcher tests if the firewalld service is running:
 it { should have_rule_enabled('family=ipv4 source address=192.168.0.14 accept', 'public') }
-It is not necessary to add the "rule" string, and you can start with the optional flags that are used in firewalld and end with the action
+It is not necessary to add the "rule" string, and you can start with the optional flags that are used in firewalld and end with the action.
+
+### `have_icmp_block_inversion_enabled`
+
+`have_icmp_block_inversion_enabled` returns true or false if ICMP block inversion flag is set for the indicated zone.
+
+ it { should have_icmp_block_inversion_enabled }
+
+### `have_masquerade_enabled`
+
+`have_masquerade_enabled` returns true or false if the masquerade flag is set for the indicated zone.
+
+ it { should have_masquerade_enabled }
diff --git a/test/unit/resources/firewalld_test.rb b/test/unit/resources/firewalld_test.rb
index 0ca73392a..30feca239 100644
--- a/test/unit/resources/firewalld_test.rb
+++ b/test/unit/resources/firewalld_test.rb
@@ -57,7 +57,7 @@ describe "Inspec::Resources::FirewallD" do
 it "detects protocols in an active zone" do
 entries = cent_resource.where { zone == "public" }
- _(entries.protocols).must_equal [%w{icmp ipv4}]
+ _(entries.protocols).must_equal [["icmp", "ipv4"]]
 end
 it "detects whether IPv4 masquerading is enabled in an active zone" do
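Review bot: The expectation in `detects protocols in an active zone` is a nested array, `[["icmp", "ipv4"]]`, but the example this same patch adds to firewalld.md compares against a flat one, `its('protocols') { should cmp ["icmp", "ipv4"] }` (likewise `its('ports') { should cmp ["80/tcp", "443/tcp"] }`). Whether `cmp` accepts a flat array against the nested value is not visible here, so the documented examples should be run against a real zone or written in the nested form; a copied control that fails, or is loosened until it passes, weakens the firewall audit it belongs to. The switch from `%w{icmp ipv4}` to `["icmp", "ipv4"]` itself does not change the asserted value. The following `it` block for masquerading continues outside the hunk.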