mirror of
https://github.com/inspec/inspec
synced 2024-11-10 23:24:18 +00:00
3263d76627
This should resolve #1011 which provides an ip6tables resource to test IPv6 iptables rules. This is essentially a copy of the iptables resource with a few renames. In addition, I've pulled in the integration tests for iptables into ip6tables and enabled it on docker so that it properly gets tested regularly. The test cookbook recipe has been updated to support all of the current platforms that are being tested. Signed-off-by: Lance Albertson <lance@osuosl.org>
32 lines
1.1 KiB
Ruby
32 lines
1.1 KiB
Ruby
require "helper"
|
|
require "inspec/resource"
|
|
require "inspec/resources/ip6tables"
|
|
|
|
describe "Inspec::Resources::Ip6tables" do
|
|
|
|
# ubuntu 14.04
|
|
it "verify ip6tables on ubuntu" do
|
|
resource = MockLoader.new(:ubuntu1404).load_resource("ip6tables")
|
|
_(resource.has_rule?("-P OUTPUT ACCEPT")).must_equal true
|
|
_(resource.has_rule?("-P OUTPUT DROP")).must_equal false
|
|
end
|
|
|
|
it "verify ip6tables with comments on ubuntu" do
|
|
resource = MockLoader.new(:ubuntu1404).load_resource("ip6tables")
|
|
_(resource.has_rule?('-A INPUT -i eth0 -p tcp -m tcp --dport 80 -m state --state NEW -m comment --comment "http-v6 like its 1990" -j ACCEPT')).must_equal true
|
|
end
|
|
|
|
it "verify ip6tables on windows" do
|
|
resource = MockLoader.new(:windows).load_resource("ip6tables")
|
|
_(resource.has_rule?("-P OUTPUT ACCEPT")).must_equal false
|
|
_(resource.has_rule?("-P OUTPUT DROP")).must_equal false
|
|
end
|
|
|
|
# undefined
|
|
it "verify ip6tables on unsupported os" do
|
|
resource = MockLoader.new(:undefined).load_resource("ip6tables")
|
|
_(resource.has_rule?("-P OUTPUT ACCEPT")).must_equal false
|
|
_(resource.has_rule?("-P OUTPUT DROP")).must_equal false
|
|
end
|
|
|
|
end
|