updated docs for resource

Signed-off-by: Will Dower <wdower@mitre.org>
Will Dower 2021-07-12 11:44:13 -04:00 committed by Clinton Wolfe
parent 513b743ce6
commit d00ce2c194
2 changed files with 39 additions and 6 deletions


@ -45,7 +45,20 @@ Use the where clause to test open interfaces, sources, and services that are in
## Properties ## Properties
### `interfaces` - `interfaces`
- `sources`
- `services`
- `target`
- `ports`
- `protocols`
- `forward_ports`
- `source_ports`
- `icmp_blocks`
- `rich_rules`
## Property Examples
### interfaces
The `interfaces` property is used in conjunction with the where class to display open interfaces in an active zone. The `interfaces` property is used in conjunction with the where class to display open interfaces in an active zone.
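Review bot: The `interfaces` description in this hunk says "where class", while the hunk header context reads "Use the where clause"; the wording should be "where clause" here. The new Properties list also names `forward_ports`, `source_ports`, `icmp_blocks` and `rich_rules`, and no Property Examples entry for any of them is visible in this change, so either add one for each or state that examples cover only a subset.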
@ -77,12 +90,20 @@ The `target` property is used in conjunction with the where class to display the
its('target') { should cmp ['default'] } # or ['DROP'], ['ACCEPT'], etc. its('target') { should cmp ['default'] } # or ['DROP'], ['ACCEPT'], etc.
end end
### icmp_block_inversion ### ports
The `icmp_block_inversion` property is used in conjunction with the where class to display whether inversion of icmp blocks has been enabled for a zone. The `ports` property is used in conjunction with the where class to display the ports used by an active zone.
describe firewalld.where { zone == 'public' } do describe firewalld.where { zone == 'public' } do
its('target') { should cmp ['default'] } # or ['DROP'], ['ACCEPT'], etc. its('ports') { should cmp ["80/tcp", "443/tcp"] }
end
### protocols
The `protocols` property is used in conjunction with the where class to display the protocols used by an active zone.
describe firewalld.where { zone == 'public' } do
its('protocols') { should cmp ["icmp", "ipv4"] }
end end
### default_zone ### default_zone
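Review bot: The new `protocols` example compares against a flat array (`should cmp ["icmp", "ipv4"]`), while the unit test touched in this same commit expects `entries.protocols` to equal `[["icmp", "ipv4"]]`, one inner array per matched zone. Confirm that the documented expectation passes against the nested value, or show the nested form in the docs; the same applies to the `ports` example. The added examples also use double-quoted strings where the neighbouring `target` example uses single quotes, and both new descriptions repeat "where class" for "where clause".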
@ -131,4 +152,16 @@ The `be_running` matcher tests if the firewalld service is running:
it { should have_rule_enabled('family=ipv4 source address=192.168.0.14 accept', 'public') } it { should have_rule_enabled('family=ipv4 source address=192.168.0.14 accept', 'public') }
It is not necessary to add the "rule" string, and you can start with the optional flags that are used in firewalld and end with the action It is not necessary to add the "rule" string, and you can start with the optional flags that are used in firewalld and end with the action.
### `have_icmp_block_inversion_enabled`
`have_icmp_block_inversion_enabled` returns true or false if ICMP block inversion flag is set for the indicated zone.
it { should have_icmp_block_inversion_enabled }
### `have_masquerade_enabled`
`have_masquerade_enabled` returns true or false if the masquerade flag is set for the indicated zone.
it { should have_masquerade_enabled }
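Review bot: Both new matcher descriptions say the flag is checked "for the indicated zone", but the examples `it { should have_icmp_block_inversion_enabled }` and `it { should have_masquerade_enabled }` indicate no zone, unlike the `have_rule_enabled(..., 'public')` example just above. State which zone is checked when none is given, or show the zone argument in the example. The phrase "returns true or false if ... is set" would also read more clearly as "returns true if the flag is set and false otherwise".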


@ -57,7 +57,7 @@ describe "Inspec::Resources::FirewallD" do
it "detects protocols in an active zone" do it "detects protocols in an active zone" do
entries = cent_resource.where { zone == "public" } entries = cent_resource.where { zone == "public" }
_(entries.protocols).must_equal [%w{icmp ipv4}] _(entries.protocols).must_equal [["icmp", "ipv4"]]
end end
it "detects whether IPv4 masquerading is enabled in an active zone" do it "detects whether IPv4 masquerading is enabled in an active zone" do
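Review bot: In the `detects protocols in an active zone` test, `[%w{icmp ipv4}]` and `[["icmp", "ipv4"]]` are the same value in Ruby, so the assertion is unchanged in behaviour and this is only a literal-style edit inside a commit described as a docs update. Mention the style cleanup in the commit message or split it out, and if consistency is the goal, apply the same literal style to any other `%w` expectations in this spec.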