awspec 0.52.4 → 0.54.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e393eeb36c4eccf1cbd32d049cf124f22dd3600f
-  data.tar.gz: 66932a70dcf579e8846121c99cb219a73c1170c2
+  metadata.gz: 2d2a41e2828f5a25b1300bcc300425153df818ef
+  data.tar.gz: d5228c0353fb70b41aa66ce0aa2a86a918ed008d
 SHA512:
-  metadata.gz: f708d931d45c30313af2ce8566f261449e9a18d5a5a6f91e9b93458ff33888921dd7bdf15d1a4e69e92eeac42995622eced4bdb7bec1aec2c89ab254ba1f7d1d
-  data.tar.gz: 93bac28b5810a34334ab2f269ac834aaae82ca3b55d77be75a52d57341ceb98334f127675dcf97fe7864f0ee9451de790c936f38a762be40c24fd521e1dfdbef
+  metadata.gz: 47f40131bb7292c146ab29716f988b3961cfad51d94c5ec5a6e5d3b32c279f21e7c2248cae73c02cdf23bb8efc1bca9ec0250d1adcb2d6721bb9b9bd62c8ab2a
+  data.tar.gz: a48177d7fde1e573422f781edba9395a7ca0635f3af490142f689b7f1b783f230e9287b9a5d378c6b1cbad8fc44327d66e941b909358e8b8f68c2fc02ab9f956

data/doc/_resource_types/elasticsearch.md

@@ -0,0 +1,48 @@
+### exist
+
+```ruby
+describe elasticsearch('my-elasticsearch') do
+  it { should exist }
+end
+```
+
+### be_created
+
+```ruby
+describe elasticsearch('my-elasticsearch') do
+  it { should be_created }
+end
+```
+
+### be_deleted
+
+```ruby
+describe elasticsearch('my-elasticsearch') do
+  it { should be_deleted }
+end
+```
+
+### have_access_policies
+
+```ruby
+describe elasticsearch('my-elasticsearch') do
+ it do
+    should have_access_policies <<-policy
+{
+  "version": "2012-10-17",
+  "statement": [
+    {
+      "effect": "allow",
+      "principal": "*",
+      "action": [
+        "es:*"
+      ],
+      "resource": "arn:aws:es:ap-northeast-1:1234567890:domain/my-elasticsearch/*"
+    }
+  ]
+}
+  policy
+  end
+end
+```
+

data/doc/_resource_types/kms.md

@@ -0,0 +1,70 @@
+### exist
+
+```ruby
+describe kms('my-kms-key') do
+  it { should exist }
+end
+```
+
+### be_enabled
+
+```ruby
+describe kms('my-kms-key') do
+  it { should be_enabled }
+end
+```
+
+### have_key_policy
+
+```ruby
+describe kms('my-kms-key') do
+  it { should exist }
+  it { should be_enabled }
+  it do
+    should have_key_policy('default').policy_document(<<-'DOC')
+{
+  "Version" : "2012-10-17",
+  "Id" : "key-consolepolicy-2",
+  "Statement" : [ {
+    "Sid" : "Enable IAM User Permissions",
+    "Effect" : "Allow",
+    "Principal" : {
+      "AWS" : "arn:aws:iam::1234567890:root"
+    },
+    "Action" : "kms:*",
+    "Resource" : "*"
+  }, {
+    "Sid" : "Allow access for Key Administrators",
+    "Effect" : "Allow",
+    "Principal" : {
+      "AWS" : "arn:aws:iam::1234567890:user/test-user"
+    },
+    "Action" : [ "kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*", "kms:Put*", "kms:Update*", "kms:Revoke*", "kms:Disable*", "kms:Get*", "kms:Delete*", "kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion" ],
+    "Resource" : "*"
+  }, {
+    "Sid" : "Allow use of the key",
+    "Effect" : "Allow",
+    "Principal" : {
+      "AWS" : [ "arn:aws:iam::1234567890:user/test-user", "arn:aws:iam::1234567890:role/test-role" ]
+    },
+    "Action" : [ "kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:DescribeKey" ],
+    "Resource" : "*"
+  }, {
+    "Sid" : "Allow attachment of persistent resources",
+    "Effect" : "Allow",
+    "Principal" : {
+      "AWS" : [ "arn:aws:iam::1234567890:user/test-user", "arn:aws:iam::1234567890:role/test-role" ]
+    },
+    "Action" : [ "kms:CreateGrant", "kms:ListGrants", "kms:RevokeGrant" ],
+    "Resource" : "*",
+    "Condition" : {
+      "Bool" : {
+        "kms:GrantIsForAWSResource" : "true"
+      }
+    }
+  } ]
+}
+DOC
+  end
+end
+```

data/doc/_resource_types/rds.md

@@ -18,7 +18,7 @@ end
 
 ```ruby
 describe rds('my-rds') do
-  it { should belong_to_db_subnet_group('my-db-subnet-group') }
+  it { should have_db_parameter_group('my-db-parameter-group') }
 end
 ```
 

data/doc/resource_types.md

@@ -10,11 +10,13 @@
 | [ec2](#ec2)
 | [elasticache](#elasticache)
 | [elasticache_cache_parameter_group](#elasticache_cache_parameter_group)
+| [elasticsearch](#elasticsearch)
 | [elb](#elb)
 | [iam_group](#iam_group)
 | [iam_policy](#iam_policy)
 | [iam_role](#iam_role)
 | [iam_user](#iam_user)
+| [kms](#kms)
 | [lambda](#lambda)
 | [launch_configuration](#launch_configuration)
 | [nat_gateway](#nat_gateway)
@@ -520,6 +522,63 @@ end
 ```
 
 
+## <a name="elasticsearch">elasticsearch</a>
+
+Elasticsearch resource type.
+
+### exist
+
+```ruby
+describe elasticsearch('my-elasticsearch') do
+  it { should exist }
+end
+```
+
+
+### be_created
+
+```ruby
+describe elasticsearch('my-elasticsearch') do
+  it { should be_created }
+end
+```
+
+
+### be_deleted
+
+```ruby
+describe elasticsearch('my-elasticsearch') do
+  it { should be_deleted }
+end
+```
+
+
+### have_access_policies
+
+```ruby
+describe elasticsearch('my-elasticsearch') do
+ it do
+    should have_access_policies <<-policy
+{
+  "version": "2012-10-17",
+  "statement": [
+    {
+      "effect": "allow",
+      "principal": "*",
+      "action": [
+        "es:*"
+      ],
+      "resource": "arn:aws:es:ap-northeast-1:1234567890:domain/my-elasticsearch/*"
+    }
+  ]
+}
+  policy
+  end
+end
+```
+
+
+### its(:domain_id), its(:domain_name), its(:arn), its(:created), its(:deleted), its(:endpoint), its(:processing), its(:elasticsearch_version), its(:access_policies), its(:snapshot_options), its(:advanced_options)
 ## <a name="elb">elb</a>
 
 ELB resource type.
@@ -860,6 +919,84 @@ describe iam_user('my-iam-user') do
 end
 ```
 
+## <a name="kms">kms</a>
+
+Kms resource type.
+
+### exist
+
+```ruby
+describe kms('my-kms-key') do
+  it { should exist }
+end
+```
+
+
+### be_enabled
+
+```ruby
+describe kms('my-kms-key') do
+  it { should be_enabled }
+end
+```
+
+
+### have_key_policy
+
+```ruby
+describe kms('my-kms-key') do
+  it { should exist }
+  it { should be_enabled }
+  it do
+    should have_key_policy('default').policy_document(<<-'DOC')
+{
+  "Version" : "2012-10-17",
+  "Id" : "key-consolepolicy-2",
+  "Statement" : [ {
+    "Sid" : "Enable IAM User Permissions",
+    "Effect" : "Allow",
+    "Principal" : {
+      "AWS" : "arn:aws:iam::1234567890:root"
+    },
+    "Action" : "kms:*",
+    "Resource" : "*"
+  }, {
+    "Sid" : "Allow access for Key Administrators",
+    "Effect" : "Allow",
+    "Principal" : {
+      "AWS" : "arn:aws:iam::1234567890:user/test-user"
+    },
+    "Action" : [ "kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*", "kms:Put*", "kms:Update*", "kms:Revoke*", "kms:Disable*", "kms:Get*", "kms:Delete*", "kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion" ],
+    "Resource" : "*"
+  }, {
+    "Sid" : "Allow use of the key",
+    "Effect" : "Allow",
+    "Principal" : {
+      "AWS" : [ "arn:aws:iam::1234567890:user/test-user", "arn:aws:iam::1234567890:role/test-role" ]
+    },
+    "Action" : [ "kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:DescribeKey" ],
+    "Resource" : "*"
+  }, {
+    "Sid" : "Allow attachment of persistent resources",
+    "Effect" : "Allow",
+    "Principal" : {
+      "AWS" : [ "arn:aws:iam::1234567890:user/test-user", "arn:aws:iam::1234567890:role/test-role" ]
+    },
+    "Action" : [ "kms:CreateGrant", "kms:ListGrants", "kms:RevokeGrant" ],
+    "Resource" : "*",
+    "Condition" : {
+      "Bool" : {
+        "kms:GrantIsForAWSResource" : "true"
+      }
+    }
+  } ]
+}
+DOC
+  end
+end
+```
+
+### its(:aws_account_id), its(:key_id), its(:arn), its(:creation_date), its(:enabled), its(:description), its(:key_usage), its(:key_state), its(:deletion_date), its(:valid_to), its(:origin), its(:expiration_model)
 ## <a name="lambda">lambda</a>
 
 Lambda resource type.
@@ -1108,7 +1245,7 @@ end
 
 ```ruby
 describe rds('my-rds') do
-  it { should belong_to_db_subnet_group('my-db-subnet-group') }
+  it { should have_db_parameter_group('my-db-parameter-group') }
 end
 ```
 

data/lib/awspec/generator.rb

@@ -6,6 +6,7 @@ require 'awspec/generator/spec/security_group'
 require 'awspec/generator/spec/route53_hosted_zone'
 require 'awspec/generator/spec/elb'
 require 'awspec/generator/spec/iam_policy'
+require 'awspec/generator/spec/kms'
 require 'awspec/generator/spec/cloudwatch_alarm'
 require 'awspec/generator/spec/cloudwatch_event'
 require 'awspec/generator/spec/network_acl'

data/lib/awspec/generator/doc/type/elasticsearch.rb

@@ -0,0 +1,17 @@
+module Awspec::Generator
+  module Doc
+    module Type
+      class Elasticsearch < Base
+        def initialize
+          super
+          @type_name = 'Elasticsearch'
+          @type = Awspec::Type::Elasticsearch.new('my-elasticsearch')
+          @ret = @type.resource_via_client
+          @matchers = []
+          @ignore_matchers = []
+          @describes = []
+        end
+      end
+    end
+  end
+end

data/lib/awspec/generator/doc/type/kms.rb

@@ -0,0 +1,17 @@
+module Awspec::Generator
+  module Doc
+    module Type
+      class Kms < Base
+        def initialize
+          super
+          @type_name = 'Kms'
+          @type = Awspec::Type::Kms.new('my-kms-key')
+          @ret = @type.resource_via_client
+          @matchers = []
+          @ignore_matchers = []
+          @describes = []
+        end
+      end
+    end
+  end
+end

data/lib/awspec/generator/spec/elasticsearch.rb

@@ -0,0 +1,38 @@
+module Awspec::Generator
+  module Spec
+    class ElasticSearch
+      include Awspec::Helper::Finder
+      def generate_all
+        domains = select_all_elasticsearch_domains
+        raise 'Not Found alarm' if events.empty?
+        ERB.new(domain_spec_template, nil, '-').result(binding).chomp
+      end
+
+      def domain_spec_template
+        template = <<-'EOF'
+<% domain.each do |domain| %>
+describe elasticsearch('<%= domain.domain_name %>') do
+  it { should exist }
+  <% if domain.ebs_options.created %>
+  it { should be_created }
+  <% end %>
+  <% if domain.ebs_options.deleted %>
+  it { should be_deleted }
+  <% end %>
+  its(:elasticsearch_version) { should eq <%= domain.elasticsearch_version %> }
+  its('elasticsearch_cluster_config.instance_type') { should eq <%= domain.elasticsearch_cluster_config.instance_type %> }
+  its('ebs_options.ebs_enabled') { should eq <%= domain.ebs_options.ebs_enabled %> }
+  <% if domain.ebs_options.ebs_enabled %>
+  its('ebs_options.volume_type') { should eq <%= domain.ebs_options.ebs_volume_type %> }
+  its('ebs_options.volume_size') { should eq <%= domain.ebs_options.ebs_volume_size %> }
+  <% end %>
+  it do
+    should have_access_policies <<-policy
+<%= JSON.pretty_generate(JSON.load(domain.access_policies)) %>
+  policy
+EOF
+        template
+      end
+    end
+  end
+end

data/lib/awspec/generator/spec/kms.rb

@@ -0,0 +1,26 @@
+module Awspec::Generator
+  module Spec
+    class Kms
+      include Awspec::Helper::Finder
+      def generate_all
+        aliases = select_all_kms_aliases
+        raise 'Not Found alias' if aliases.empty?
+        ERB.new(keys_spec_template, nil, '-').result(binding).chomp
+      end
+
+      def keys_spec_template
+        template = <<-'EOF'
+<% aliases.each do |kms_alias| %>
+describe kms('<%= kms_alias.alias_name.split('/').last %>') do
+  it { should exist }
+<% if find_kms_key(kms_alias.target_key_id).enabled -%>
+  it { should be_enable }
+<% end -%>
+end
+<% end %>
+EOF
+        template
+      end
+    end
+  end
+end

data/lib/awspec/helper/finder.rb

@@ -11,7 +11,9 @@ require 'awspec/helper/finder/ebs'
 require 'awspec/helper/finder/elb'
 require 'awspec/helper/finder/lambda'
 require 'awspec/helper/finder/iam'
+require 'awspec/helper/finder/kms'
 require 'awspec/helper/finder/elasticache'
+require 'awspec/helper/finder/elasticsearch'
 require 'awspec/helper/finder/cloudwatch'
 require 'awspec/helper/finder/cloudwatch_event'
 require 'awspec/helper/finder/ses'
@@ -35,7 +37,9 @@ module Awspec::Helper
     include Awspec::Helper::Finder::Elb
     include Awspec::Helper::Finder::Lambda
     include Awspec::Helper::Finder::Iam
+    include Awspec::Helper::Finder::Kms
     include Awspec::Helper::Finder::Elasticache
+    include Awspec::Helper::Finder::Elasticsearch
     include Awspec::Helper::Finder::Cloudwatch
     include Awspec::Helper::Finder::CloudwatchEvent
     include Awspec::Helper::Finder::Ses
@@ -54,6 +58,7 @@ module Awspec::Helper
       elb_client: Aws::ElasticLoadBalancing::Client,
       lambda_client: Aws::Lambda::Client,
       iam_client: Aws::IAM::Client,
+      kms_client: Aws::KMS::Client,
       elasticache_client: Aws::ElastiCache::Client,
       cloudwatch_client: Aws::CloudWatch::Client,
       cloudwatch_event_client: Aws::CloudWatchEvents::Client,
@@ -61,6 +66,7 @@ module Awspec::Helper
       directconnect_client: Aws::DirectConnect::Client,
       cloudfront_client: Aws::CloudFront::Client,
       elastictranscoder_client: Aws::ElasticTranscoder::Client,
+      elasticsearch_client: Aws::ElasticsearchService::Client,
       cloudtrail_client: Aws::CloudTrail::Client
     }
 

data/lib/awspec/helper/finder/elasticsearch.rb

@@ -0,0 +1,19 @@
+module Awspec::Helper
+  module Finder
+    module Elasticsearch
+      def find_elasticsearch_domain(id)
+        res = elasticsearch_client.describe_elasticsearch_domain(domain_name: id)
+        res.domain_status
+      rescue
+        nil
+      end
+
+      def select_all_elasticsearch_domains
+        domain_names = elastisearch_client.list_domain_names
+        domain_names.map do |domain_name|
+          elasticsearch_client.describe_elasticsearch_domain(domain_name)
+        end
+      end
+    end
+  end
+end

data/lib/awspec/helper/finder/kms.rb

@@ -0,0 +1,22 @@
+module Awspec::Helper
+  module Finder
+    module Kms
+      def find_kms_key(key_id)
+        kms_client.describe_key(key_id: key_id).key_metadata
+      rescue
+        nil
+      end
+
+      def find_kms_key_by_alias(key_alias_name)
+        key = kms_client.list_aliases.aliases.find do |key_alias|
+          key_alias.alias_name == "alias/#{key_alias_name}"
+        end
+        find_kms_key(key.target_key_id)
+      end
+
+      def select_all_kms_aliases
+        kms_client.list_aliases.aliases
+      end
+    end
+  end
+end

data/lib/awspec/helper/type.rb

@@ -5,8 +5,8 @@ module Awspec
 
       TYPES = %w(
         ami autoscaling_group cloudtrail cloudwatch_alarm cloudwatch_event directconnect_virtual_interface
-        ebs ec2 elasticache elasticache_cache_parameter_group elb iam_group
-        iam_policy iam_role iam_user lambda launch_configuration nat_gateway
+        ebs ec2 elasticache elasticache_cache_parameter_group elasticsearch elb iam_group
+        iam_policy iam_role iam_user kms lambda launch_configuration nat_gateway
         network_acl network_interface rds rds_db_cluster_parameter_group rds_db_parameter_group route53_hosted_zone
         route_table s3_bucket security_group ses_identity subnet vpc cloudfront_distribution
         elastictranscoder_pipeline

data/lib/awspec/matcher.rb

@@ -40,3 +40,6 @@ require 'awspec/matcher/have_private_ip_address'
 
 # CloudFront
 require 'awspec/matcher/have_origin'
+
+# Kms
+require 'awspec/matcher/have_key_policy'

data/lib/awspec/matcher/have_key_policy.rb

@@ -0,0 +1,9 @@
+RSpec::Matchers.define :have_key_policy do |policy_name|
+  match do |key_type|
+    key_type.has_key_policy?(policy_name, @document)
+  end
+
+  chain :policy_document do |document|
+    @document = document
+  end
+end

data/lib/awspec/stub/elasticsearch.rb

@@ -0,0 +1,52 @@
+
+Aws.config[:elasticsearchservice] = {
+  stub_responses: {
+    list_domain_names: {
+      domain_names: [
+        {
+          domain_name: 'my-elasticsearch'
+        }
+      ]
+    },
+    describe_elasticsearch_domain: {
+      domain_status: {
+        domain_id: '123456789012/streaming-logs',
+        domain_name: 'my-elasticsearch',
+        arn: 'arn:aws:es:us-east-1:123456789012:domain/streaming-logs',
+        created: true,
+        deleted: false,
+        endpoint: 'search-streaming-logs-okga24ftzsbz2a2hzhsqw73jpy.us-east-1.es.a9.com',
+        processing: false,
+        elasticsearch_version: '2.3',
+        elasticsearch_cluster_config: {
+          instance_type: 't2.micro.elasticsearch',
+          instance_count: 3,
+          dedicated_master_enabled: true,
+          zone_awareness_enabled: false,
+          dedicated_master_type: 'm3.medium.elasticsearch',
+          dedicated_master_count: 3
+        },
+        ebs_options: {
+          ebs_enabled: true,
+          volume_size: 10,
+          volume_type: 'gp2'
+        },
+        access_policies: <<-EOS.gsub(/\n/, '').gsub(/ /, '')
+{
+  "version": "2012-10-17",
+  "statement": [
+    {
+      "effect": "allow",
+      "principal": "*",
+      "action": [
+        "es:*"
+      ],
+      "resource": "arn:aws:es:ap-northeast-1:1234567890:domain/my-elasticsearch/*"
+    }
+  ]
+}
+EOS
+      }
+    }
+  }
+}

data/lib/awspec/stub/kms.rb

@@ -0,0 +1,71 @@
+Aws.config[:kms] = {
+  stub_responses: {
+    list_aliases: {
+      aliases: [
+        {
+          alias_arn: 'arn:aws:kms:us-east-1:1234567890:alias/my-kms-key',
+          alias_name: 'alias/my-kms-key',
+          target_key_id: 'b9989d41-eeaa-401f-8616-00546948aa92'
+        }
+      ]
+    },
+    describe_key: {
+      key_metadata: {
+        key_id:  'b9989d41-eeaa-401f-8616-00546948aa92',
+        description: '',
+        enabled: true,
+        key_usage: 'ENCRYPT_DECRYPT',
+        key_state: 'Enabled',
+        creation_date: Time.new(2015, 1, 2, 10, 10, 00, '+00:00'),
+        arn: 'arn:aws:kms:us-east-1:1234567890:key/b9989d41-eeaa-401f-8616-00546948aa92',
+        aws_account_id: '1234567890'
+      }
+    },
+    get_key_policy: {
+      policy: <<-DOC
+{
+  "Version" : "2012-10-17",
+  "Id" : "key-consolepolicy-2",
+  "Statement" : [ {
+    "Sid" : "Enable IAM User Permissions",
+    "Effect" : "Allow",
+    "Principal" : {
+      "AWS" : "arn:aws:iam::1234567890:root"
+    },
+    "Action" : "kms:*",
+    "Resource" : "*"
+  }, {
+    "Sid" : "Allow access for Key Administrators",
+    "Effect" : "Allow",
+    "Principal" : {
+      "AWS" : "arn:aws:iam::1234567890:user/test-user"
+    },
+    "Action" : [ "kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*", "kms:Put*", "kms:Update*", "kms:Revoke*", "kms:Disable*", "kms:Get*", "kms:Delete*", "kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion" ],
+    "Resource" : "*"
+  }, {
+    "Sid" : "Allow use of the key",
+    "Effect" : "Allow",
+    "Principal" : {
+      "AWS" : [ "arn:aws:iam::1234567890:user/test-user", "arn:aws:iam::1234567890:role/test-role" ]
+    },
+    "Action" : [ "kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:DescribeKey" ],
+    "Resource" : "*"
+  }, {
+    "Sid" : "Allow attachment of persistent resources",
+    "Effect" : "Allow",
+    "Principal" : {
+      "AWS" : [ "arn:aws:iam::1234567890:user/test-user", "arn:aws:iam::1234567890:role/test-role" ]
+    },
+    "Action" : [ "kms:CreateGrant", "kms:ListGrants", "kms:RevokeGrant" ],
+    "Resource" : "*",
+    "Condition" : {
+      "Bool" : {
+        "kms:GrantIsForAWSResource" : "true"
+      }
+    }
+  } ]
+}
+DOC
+    }
+  }
+}

data/lib/awspec/type/elasticsearch.rb

@@ -0,0 +1,21 @@
+module Awspec::Type
+  class Elasticsearch < Base
+    def initialize(id)
+      super
+      @resource_via_client = find_elasticsearch_domain(id)
+      @id = @resource_via_client.arn if @resource_via_client
+    end
+
+    def has_access_policies?(policy)
+      @resource_via_client.access_policies == policy.gsub(/\n/, '').gsub(/ /, '')
+    end
+
+    def created?
+      @resource_via_client.created
+    end
+
+    def deleted?
+      @resource_via_client.deleted
+    end
+  end
+end

data/lib/awspec/type/kms.rb

@@ -0,0 +1,19 @@
+module Awspec::Type
+  class Kms < Base
+    def initialize(id)
+      super
+      @resource_via_client = find_kms_key_by_alias(id)
+      @id = @resource_via_client.arn if @resource_via_client
+    end
+
+    def enabled?
+      @resource_via_client.enabled
+    end
+
+    def has_key_policy?(policy_name, document = nil)
+      res = kms_client.get_key_policy(key_id: @id, policy_name: policy_name)
+      return JSON.parse(URI.decode(res.policy)) == JSON.parse(document) if document
+      res
+    end
+  end
+end

data/lib/awspec/version.rb

@@ -1,3 +1,3 @@
 module Awspec
-  VERSION = '0.52.4'
+  VERSION = '0.54.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: awspec
 version: !ruby/object:Gem::Version
-  version: 0.52.4
+  version: 0.54.0
 platform: ruby
 authors:
 - k1LoW
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2016-08-29 00:00:00.000000000 Z
+date: 2016-09-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
@@ -216,12 +216,14 @@ files:
 - doc/_resource_types/ec2.md
 - doc/_resource_types/elasticache.md
 - doc/_resource_types/elasticache_cache_parameter_group.md
+- doc/_resource_types/elasticsearch.md
 - doc/_resource_types/elastictranscoder_pipeline.md
 - doc/_resource_types/elb.md
 - doc/_resource_types/iam_group.md
 - doc/_resource_types/iam_policy.md
 - doc/_resource_types/iam_role.md
 - doc/_resource_types/iam_user.md
+- doc/_resource_types/kms.md
 - doc/_resource_types/lambda.md
 - doc/_resource_types/launch_configuration.md
 - doc/_resource_types/nat_gateway.md
@@ -261,12 +263,14 @@ files:
 - lib/awspec/generator/doc/type/ec2.rb
 - lib/awspec/generator/doc/type/elasticache.rb
 - lib/awspec/generator/doc/type/elasticache_cache_parameter_group.rb
+- lib/awspec/generator/doc/type/elasticsearch.rb
 - lib/awspec/generator/doc/type/elastictranscoder_pipeline.rb
 - lib/awspec/generator/doc/type/elb.rb
 - lib/awspec/generator/doc/type/iam_group.rb
 - lib/awspec/generator/doc/type/iam_policy.rb
 - lib/awspec/generator/doc/type/iam_role.rb
 - lib/awspec/generator/doc/type/iam_user.rb
+- lib/awspec/generator/doc/type/kms.rb
 - lib/awspec/generator/doc/type/lambda.rb
 - lib/awspec/generator/doc/type/launch_configuration.rb
 - lib/awspec/generator/doc/type/nat_gateway.rb
@@ -287,11 +291,13 @@ files:
 - lib/awspec/generator/spec/directconnect.rb
 - lib/awspec/generator/spec/ebs.rb
 - lib/awspec/generator/spec/ec2.rb
+- lib/awspec/generator/spec/elasticsearch.rb
 - lib/awspec/generator/spec/elb.rb
 - lib/awspec/generator/spec/iam_group.rb
 - lib/awspec/generator/spec/iam_policy.rb
 - lib/awspec/generator/spec/iam_role.rb
 - lib/awspec/generator/spec/iam_user.rb
+- lib/awspec/generator/spec/kms.rb
 - lib/awspec/generator/spec/lambda.rb
 - lib/awspec/generator/spec/nat_gateway.rb
 - lib/awspec/generator/spec/network_acl.rb
@@ -317,9 +323,11 @@ files:
 - lib/awspec/helper/finder/ebs.rb
 - lib/awspec/helper/finder/ec2.rb
 - lib/awspec/helper/finder/elasticache.rb
+- lib/awspec/helper/finder/elasticsearch.rb
 - lib/awspec/helper/finder/elastictranscoder.rb
 - lib/awspec/helper/finder/elb.rb
 - lib/awspec/helper/finder/iam.rb
+- lib/awspec/helper/finder/kms.rb
 - lib/awspec/helper/finder/lambda.rb
 - lib/awspec/helper/finder/rds.rb
 - lib/awspec/helper/finder/route53.rb
@@ -344,6 +352,7 @@ files:
 - lib/awspec/matcher/belong_to_subnet.rb
 - lib/awspec/matcher/belong_to_vpc.rb
 - lib/awspec/matcher/have_inline_policy.rb
+- lib/awspec/matcher/have_key_policy.rb
 - lib/awspec/matcher/have_origin.rb
 - lib/awspec/matcher/have_private_ip_address.rb
 - lib/awspec/matcher/have_record_set.rb
@@ -364,12 +373,14 @@ files:
 - lib/awspec/stub/ec2.rb
 - lib/awspec/stub/elasticache.rb
 - lib/awspec/stub/elasticache_cache_parameter_group.rb
+- lib/awspec/stub/elasticsearch.rb
 - lib/awspec/stub/elastictranscoder_pipeline.rb
 - lib/awspec/stub/elb.rb
 - lib/awspec/stub/iam_group.rb
 - lib/awspec/stub/iam_policy.rb
 - lib/awspec/stub/iam_role.rb
 - lib/awspec/stub/iam_user.rb
+- lib/awspec/stub/kms.rb
 - lib/awspec/stub/lambda.rb
 - lib/awspec/stub/launch_configuration.rb
 - lib/awspec/stub/nat_gateway.rb
@@ -398,12 +409,14 @@ files:
 - lib/awspec/type/ec2.rb
 - lib/awspec/type/elasticache.rb
 - lib/awspec/type/elasticache_cache_parameter_group.rb
+- lib/awspec/type/elasticsearch.rb
 - lib/awspec/type/elastictranscoder_pipeline.rb
 - lib/awspec/type/elb.rb
 - lib/awspec/type/iam_group.rb
 - lib/awspec/type/iam_policy.rb
 - lib/awspec/type/iam_role.rb
 - lib/awspec/type/iam_user.rb
+- lib/awspec/type/kms.rb
 - lib/awspec/type/lambda.rb
 - lib/awspec/type/launch_configuration.rb
 - lib/awspec/type/nat_gateway.rb