From 4ebd27fdafcea73961b4513e70d8c723b6f0617f Mon Sep 17 00:00:00 2001 From: chantra Date: Fri, 29 Aug 2014 01:11:12 -0700 Subject: [PATCH] Adds ip6tables resource to serverspec --- lib/serverspec/helper/type.rb | 2 +- lib/serverspec/matchers.rb | 4 ++-- lib/serverspec/matchers/have_rule.rb | 2 +- lib/serverspec/type/ip6tables.rb | 13 +++++++++++++ spec/debian/ip6tables_spec.rb | 21 +++++++++++++++++++++ spec/fedora/ip6tables_spec.rb | 21 +++++++++++++++++++++ spec/gentoo/ip6tables_spec.rb | 21 +++++++++++++++++++++ spec/plamo/ip6tables_spec.rb | 21 +++++++++++++++++++++ spec/redhat/ip6tables_spec.rb | 21 +++++++++++++++++++++ 9 files changed, 122 insertions(+), 4 deletions(-) create mode 100644 lib/serverspec/type/ip6tables.rb create mode 100644 spec/debian/ip6tables_spec.rb create mode 100644 spec/fedora/ip6tables_spec.rb create mode 100644 spec/gentoo/ip6tables_spec.rb create mode 100644 spec/plamo/ip6tables_spec.rb create mode 100644 spec/redhat/ip6tables_spec.rb diff --git a/lib/serverspec/helper/type.rb b/lib/serverspec/helper/type.rb index 5e5c2d2d..f12395d9 100644 --- a/lib/serverspec/helper/type.rb +++ b/lib/serverspec/helper/type.rb @@ -3,7 +3,7 @@ module Helper module Type types = %w( base cgroup command cron default_gateway file group host iis_website iis_app_pool interface - ipfilter ipnat iptables kernel_module linux_kernel_parameter lxc mail_alias + ipfilter ipnat iptables ip6tables kernel_module linux_kernel_parameter lxc mail_alias package php_config port ppa process routing_table selinux service user yumrepo windows_feature windows_hot_fix windows_registry_key windows_scheduled_task zfs ) diff --git a/lib/serverspec/matchers.rb b/lib/serverspec/matchers.rb index 064938a2..e46558b2 100644 --- a/lib/serverspec/matchers.rb +++ b/lib/serverspec/matchers.rb 
@@ -29,7 +29,7 @@ require 'serverspec/matchers/return_stdout' require 'serverspec/matchers/return_stderr' -# ipfiter, ipnat, iptables +# ipfiter, ipnat, iptables, ip6tables require 'serverspec/matchers/have_rule' # cron, routing_table @@ -38,4 +38,4 @@ # iis_website require 'serverspec/matchers/have_site_application' require 'serverspec/matchers/have_site_bindings' -require 'serverspec/matchers/have_virtual_dir' \ No newline at end of file +require 'serverspec/matchers/have_virtual_dir' diff --git a/lib/serverspec/matchers/have_rule.rb b/lib/serverspec/matchers/have_rule.rb index 0ca5f616..88982ec8 100644 --- a/lib/serverspec/matchers/have_rule.rb +++ b/lib/serverspec/matchers/have_rule.rb @@ -1,6 +1,6 @@ RSpec::Matchers.define :have_rule do |rule| match do |subject| - if subject.class.name == 'Serverspec::Type::Iptables' + if subject.class.name == 'Serverspec::Type::Iptables' || subject.class.name == 'Serverspec::Type::Ip6tables' subject.has_rule?(rule, @table, @chain) else subject.has_rule?(rule) diff --git a/lib/serverspec/type/ip6tables.rb b/lib/serverspec/type/ip6tables.rb new file mode 100644 index 00000000..88d6ed96 --- /dev/null +++ b/lib/serverspec/type/ip6tables.rb @@ -0,0 +1,13 @@ +module Serverspec + module Type + class Ip6tables < Base + def has_rule?(rule, table, chain) + backend.check_ip6tables_rule(rule, table, chain) + end + + def to_s + 'ip6tables' + end + end + end +end diff --git a/spec/debian/ip6tables_spec.rb b/spec/debian/ip6tables_spec.rb new file mode 100644 index 00000000..f516ce3e --- /dev/null +++ b/spec/debian/ip6tables_spec.rb 
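Review bot: In the `match` block of have_rule.rb the dispatch now compares `subject.class.name` against two hard-coded strings joined with `||`. Every further type that takes a table and chain needs another clause, and a subclass of either type would fall through to the one-argument `has_rule?(rule)` call. A membership test keeps the condition on one readable line: `if %w(Serverspec::Type::Iptables Serverspec::Type::Ip6tables).include?(subject.class.name)`. The rest of the matcher definition, including its closing `end`, lies outside the hunk.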
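Review bot: `Ip6tables#has_rule?` in lib/serverspec/type/ip6tables.rb delegates to `backend.check_ip6tables_rule`, which none of the nine changed files defines, and the diffstat lists no gemspec change. The resource therefore only works against a backend release that already ships that command. If the command arrived in a specific backend version, the minimum dependency should be raised in the same commit. The class also carries no comment. A short header such as `# IPv6 counterpart of the iptables resource; table and chain are passed through to the backend as given` would tell readers that the arguments are not validated here.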
@@ -0,0 +1,21 @@
+require 'spec_helper'
+
+include SpecInfra::Helper::Debian
+
+describe ip6tables do
+ it { should have_rule '-P INPUT ACCEPT' }
+ its(:command) { should eq "ip6tables -S | grep -- -P\\ INPUT\\ ACCEPT || ip6tables-save | grep -- -P\\ INPUT\\ ACCEPT" }
+end
+
+describe ip6tables do
+ it { should_not have_rule 'invalid-rule' }
+end
+
+describe ip6tables do
+ it { should have_rule('-P INPUT ACCEPT').with_table('mangle').with_chain('INPUT') }
+ its(:command) { should eq "ip6tables -t mangle -S INPUT | grep -- -P\\ INPUT\\ ACCEPT || ip6tables-save -t mangle | grep -- -P\\ INPUT\\ ACCEPT" }
+end
+
+describe ip6tables do
+ it { should_not have_rule('invalid-rule').with_table('mangle').with_chain('INPUT') }
+end
diff --git a/spec/fedora/ip6tables_spec.rb b/spec/fedora/ip6tables_spec.rb
new file mode 100644
index 00000000..2c886cd1
--- /dev/null
+++ b/spec/fedora/ip6tables_spec.rb
@@ -0,0 +1,21 @@
+require 'spec_helper'
+
+include SpecInfra::Helper::Fedora
+
+describe ip6tables do
+ it { should have_rule '-P INPUT ACCEPT' }
+ its(:command) { should eq "ip6tables -S | grep -- -P\\ INPUT\\ ACCEPT || ip6tables-save | grep -- -P\\ INPUT\\ ACCEPT" }
+end
+
+describe ip6tables do
+ it { should_not have_rule 'invalid-rule' }
+end
+
+describe ip6tables do
+ it { should have_rule('-P INPUT ACCEPT').with_table('mangle').with_chain('INPUT') }
+ its(:command) { should eq "ip6tables -t mangle -S INPUT | grep -- -P\\ INPUT\\ ACCEPT || ip6tables-save -t mangle | grep -- -P\\ INPUT\\ ACCEPT" }
+end
+
+describe ip6tables do
+ it { should_not have_rule('invalid-rule').with_table('mangle').with_chain('INPUT') }
+end
diff --git a/spec/gentoo/ip6tables_spec.rb b/spec/gentoo/ip6tables_spec.rb
new file mode 100644
index 00000000..9541a7ad
--- /dev/null
+++ b/spec/gentoo/ip6tables_spec.rb
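Review bot: The command pinned on the `its(:command)` lines of spec/debian/ip6tables_spec.rb hands the rule to `grep --` as a pattern, so `have_rule` passes on any output line that merely contains the rule text rather than on an exact rule match. For a firewall audit that means a longer or broader rule sharing the same prefix can satisfy `should have_rule`. Pattern characters in a rule would presumably be interpreted by grep too, though the command string is built outside this patch. The specs only exercise `-P INPUT ACCEPT` and `invalid-rule`, so neither case is covered. A comment above the first `describe` would record the behaviour: `# have_rule greps ip6tables -S output; it is a substring match, not an exact-rule comparison`. The same applies to the identical fedora, gentoo, plamo and redhat spec hunks.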
@@ -0,0 +1,21 @@
+require 'spec_helper'
+
+include SpecInfra::Helper::Gentoo
+
+describe ip6tables do
+ it { should have_rule '-P INPUT ACCEPT' }
+ its(:command) { should eq "ip6tables -S | grep -- -P\\ INPUT\\ ACCEPT || ip6tables-save | grep -- -P\\ INPUT\\ ACCEPT" }
+end
+
+describe ip6tables do
+ it { should_not have_rule 'invalid-rule' }
+end
+
+describe ip6tables do
+ it { should have_rule('-P INPUT ACCEPT').with_table('mangle').with_chain('INPUT') }
+ its(:command) { should eq "ip6tables -t mangle -S INPUT | grep -- -P\\ INPUT\\ ACCEPT || ip6tables-save -t mangle | grep -- -P\\ INPUT\\ ACCEPT" }
+end
+
+describe ip6tables do
+ it { should_not have_rule('invalid-rule').with_table('mangle').with_chain('INPUT') }
+end
diff --git a/spec/plamo/ip6tables_spec.rb b/spec/plamo/ip6tables_spec.rb
new file mode 100644
index 00000000..f2103738
--- /dev/null
+++ b/spec/plamo/ip6tables_spec.rb
@@ -0,0 +1,21 @@
+require 'spec_helper'
+
+include SpecInfra::Helper::Plamo
+
+describe ip6tables do
+ it { should have_rule '-P INPUT ACCEPT' }
+ its(:command) { should eq "ip6tables -S | grep -- -P\\ INPUT\\ ACCEPT || ip6tables-save | grep -- -P\\ INPUT\\ ACCEPT" }
+end
+
+describe ip6tables do
+ it { should_not have_rule 'invalid-rule' }
+end
+
+describe ip6tables do
+ it { should have_rule('-P INPUT ACCEPT').with_table('mangle').with_chain('INPUT') }
+ its(:command) { should eq "ip6tables -t mangle -S INPUT | grep -- -P\\ INPUT\\ ACCEPT || ip6tables-save -t mangle | grep -- -P\\ INPUT\\ ACCEPT" }
+end
+
+describe ip6tables do
+ it { should_not have_rule('invalid-rule').with_table('mangle').with_chain('INPUT') }
+end
diff --git a/spec/redhat/ip6tables_spec.rb b/spec/redhat/ip6tables_spec.rb
new file mode 100644
index 00000000..4008561b
--- /dev/null
+++ b/spec/redhat/ip6tables_spec.rb
@@ -0,0 +1,21 @@
+require 'spec_helper'
+
+include SpecInfra::Helper::RedHat
+
+describe ip6tables do
+ it { should have_rule '-P INPUT ACCEPT' }
+ its(:command) { should eq "ip6tables -S | grep -- -P\\ INPUT\\ ACCEPT || ip6tables-save | grep -- -P\\ INPUT\\ ACCEPT" }
+end
+
+describe ip6tables do
+ it { should_not have_rule 'invalid-rule' }
+end
+
+describe ip6tables do
+ it { should have_rule('-P INPUT ACCEPT').with_table('mangle').with_chain('INPUT') }
+ its(:command) { should eq "ip6tables -t mangle -S INPUT | grep -- -P\\ INPUT\\ ACCEPT || ip6tables-save -t mangle | grep -- -P\\ INPUT\\ ACCEPT" }
+end
+
+describe ip6tables do
+ it { should_not have_rule('invalid-rule').with_table('mangle').with_chain('INPUT') }
+end