awspec 1.32.0 → 1.34.0

data/lib/awspec/helper/finder/backup.rb

@@ -0,0 +1,97 @@
+# frozen_string_literal: true
+
+module Awspec::Helper
+  module Finder
+    module Backup
+      def find_backup_vault(id)
+        selected = []
+        req = {}
+        loop do
+          res = backup_client.list_backup_vaults(req)
+          selected += res.backup_vault_list.select do |v|
+            v.backup_vault_name == id || v.backup_vault_arn == id
+          end
+          break if res.next_token.nil?
+
+          req[:next_token] = res.next_token
+        end
+        selected.single_resource(id)
+      rescue Aws::Backup::Errors::ResourceNotFoundException
+        nil
+      end
+
+      def find_backup_plan(id)
+        selected = []
+        req = {}
+        loop do
+          res = backup_client.list_backup_plans(req)
+          selected += res.backup_plans_list.select do |p|
+            p.backup_plan_name == id || p.backup_plan_arn == id || p.backup_plan_id == id
+          end
+          break if res.next_token.nil?
+
+          req[:next_token] = res.next_token
+        end
+        selected.single_resource(id)
+      rescue Aws::Backup::Errors::ResourceNotFoundException
+        nil
+      end
+
+      def find_backup_selection(id)
+        backup_plans = []
+        req = {}
+        loop do
+          res = backup_client.list_backup_plans(req)
+          backup_plans += res.backup_plans_list.map { |p| p.backup_plan_id }
+          break if res.next_token.nil?
+
+          req[:next_token] = res.next_token
+        end
+
+        selected = []
+        next_token = nil
+
+        backup_plans.each do |plan_id|
+          loop do
+            res = backup_client.list_backup_selections({ backup_plan_id: plan_id, next_token: next_token })
+            selected += res.backup_selections_list.select do |s|
+              s.selection_id == id || s.selection_name == id
+            end
+            break if res.next_token.nil?
+
+            next_token = res.next_token
+          end
+        end
+        selected.single_resource(id)
+      rescue Aws::Backup::Errors::ResourceNotFoundException
+        nil
+      end
+
+      def select_backup_rule_by_plan_id(id)
+        selected = []
+        req = { backup_plan_id: id }
+        res = backup_client.get_backup_plan(req)
+        selected = res.backup_plan.rules
+      rescue Aws::Backup::Errors::ResourceNotFoundException
+        nil
+      end
+
+      def locked?
+        resource_via_client.locked
+      end
+
+      def airgapped?
+        resource_via_client.vault_type == 'LOGICALLY_AIR_GAPPED_BACKUP_VAULT'
+      end
+
+      STATES = %w[
+        creating available failed
+      ]
+      STATES.each do |state|
+        define_method "#{state}?" do
+          resource_via_client.vault_state.downcase == state
+        end
+      end
+    end
+  end
+end

data/lib/awspec/helper/finder/transfer.rb

@@ -4,8 +4,28 @@ module Awspec::Helper
   module Finder
     module Transfer
       def find_transfer_server(id)
-        res = transfer_client.describe_server(server_id: id)
+        res = transfer_client.describe_server({ server_id: id })
         res.server
+      rescue Aws::Transfer::Errors::ValidationException, Aws::Transfer::Errors::ResourceNotFoundException
+        req = {}
+        servers = []
+        loop do
+          res = transfer_client.list_servers(req)
+          servers.push(*res.servers)
+          break if res.next_token.nil?
+
+          req[:next_token] = res.next_token
+        end
+
+        servers.each do |s|
+          server = transfer_client.describe_server({ server_id: s.server_id }).server
+          server.tags.each do |tag|
+            if tag.key == 'Name' && tag.value == id
+              return server
+            end
+          end
+        end
+        nil
       end
     end
   end

data/lib/awspec/helper/finder/wafv2.rb

@@ -22,6 +22,26 @@ module Awspec::Helper
         res = wafv2_client.get_ip_set({ name: name, scope: scope, id: id })
         res.ip_set
       end
+
+      def find_web_acl(scope, name)
+        web_acls = select_all_web_acls(scope)
+        web_acl = web_acls.find do |acl|
+          acl.name == name
+        end
+        return false unless web_acl
+
+        get_web_acl(scope, name, web_acl.id)
+      end
+
+      def select_all_web_acls(scope)
+        res = wafv2_client.list_web_acls({ scope: scope })
+        res.web_acls
+      end
+
+      def get_web_acl(scope, name, id)
+        res = wafv2_client.get_web_acl({ name: name, scope: scope, id: id })
+        res.web_acl
+      end
     end
   end
 end

data/lib/awspec/helper/finder.rb

@@ -57,6 +57,7 @@ require 'awspec/helper/finder/cognito_identity_pool'
 require 'awspec/helper/finder/transfer'
 require 'awspec/helper/finder/codepipeline'
 require 'awspec/helper/finder/wafv2'
+require 'awspec/helper/finder/backup'
 
 require 'awspec/helper/finder/account_attributes'
 
@@ -121,6 +122,7 @@ module Awspec::Helper
     include Awspec::Helper::Finder::Transfer
     include Awspec::Helper::Finder::Codepipeline
     include Awspec::Helper::Finder::Wafv2
+    include Awspec::Helper::Finder::Backup
 
     CLIENTS = {
       ec2_client: Aws::EC2::Client,
@@ -171,7 +173,8 @@ module Awspec::Helper
       cognito_identity_provider_client: Aws::CognitoIdentityProvider::Client,
       transfer_client: Aws::Transfer::Client,
       codepipeline_client: Aws::CodePipeline::Client,
-      wafv2_client: Aws::WAFV2::Client
+      wafv2_client: Aws::WAFV2::Client,
+      backup_client: Aws::Backup::Client
     }
 
     CLIENT_OPTIONS = {

data/lib/awspec/helper/type.rb

@@ -24,7 +24,8 @@ module Awspec
         internet_gateway acm cloudwatch_logs dynamodb_table eip sqs ssm_parameter cloudformation_stack
         codebuild sns_topic redshift redshift_cluster_parameter_group codedeploy codedeploy_deployment_group
         secretsmanager msk transit_gateway cognito_identity_pool cognito_user_pool vpc_endpoints
-        transfer_server managed_prefix_list codepipeline wafv2_ip_set
+        transfer_server managed_prefix_list codepipeline wafv2_ip_set wafv2_web_acl
+        backup_vault backup_plan backup_selection
       ]
 
       ACCOUNT_ATTRIBUTES = %w[

data/lib/awspec/matcher/belong_to_backup_plan.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+RSpec::Matchers.define :belong_to_backup_plan do |plan|
+  match do |type|
+    return true if type.backup_plan_id == plan
+
+    ret = type.find_backup_plan(plan)
+    return false unless ret
+
+    type.backup_plan_id == (ret.backup_plan_id)
+  end
+end

data/lib/awspec/matcher/have_plan_rule.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+RSpec::Matchers.define :have_plan_rule do |rule_id|
+  match do |plan|
+    plan.has_plan_rule?(rule_id,
+                        rule_name: @rule_name,
+                        target_backup_vault_name: @target_backup_vault_name,
+                        schedule_expression: @schedule_expression,
+                        start_window_minutes: @start_window_minutes,
+                        completion_window_minutes: @completion_window_minutes,
+                        lifecycle: @lifecycle,
+                        enable_continuous_backup: @enable_continuous_backup,
+                        schedule_expression_timezone: @schedule_expression_timezone)
+  end
+
+  chain :rule_name do |rule_name|
+    @rule_name = rule_name
+  end
+
+  chain :target_backup_vault_name do |target_backup_vault_name|
+    @target_backup_vault_name = target_backup_vault_name
+  end
+
+  chain :schedule_expression do |schedule_expression|
+    @schedule_expression = schedule_expression
+  end
+
+  chain :start_window_minutes do |start_window_minutes|
+    @start_window_minutes = start_window_minutes
+  end
+
+  chain :completion_window_minutes do |completion_window_minutes|
+    @completion_window_minutes = completion_window_minutes
+  end
+
+  chain :lifecycle do |lifecycle|
+    @lifecycle = lifecycle
+  end
+
+  chain :enable_continuous_backup do |enable_continuous_backup|
+    @enable_continuous_backup = enable_continuous_backup
+  end
+
+  chain :schedule_expression_timezone do |schedule_expression_timezone|
+    @schedule_expression_timezone = schedule_expression_timezone
+  end
+end

data/lib/awspec/matcher/have_rule.rb

@@ -4,6 +4,7 @@ RSpec::Matchers.define :have_rule do |rule_id|
   match do |type|
     return type.has_rule?(rule_id, @priority, @action) if type.instance_of?(Awspec::Type::WafWebAcl)
     return type.has_rule?(rule_id, @priority, @action) if type.instance_of?(Awspec::Type::WafregionalWebAcl)
+    return type.has_rule?(rule_id, @priority, @action, @override_action) if type.instance_of?(Awspec::Type::Wafv2WebAcl)
     return type.has_rule?(rule_id, @priority, @conditions, @actions) if type.instance_of?(Awspec::Type::AlbListener)
 
     type.has_rule?(rule_id, @priority, @conditions, @actions) if type.instance_of?(Awspec::Type::NlbListener)
@@ -21,6 +22,10 @@ RSpec::Matchers.define :have_rule do |rule_id|
     @action = action
   end
 
+  chain :override_action do |override_action|
+    @override_action = override_action
+  end
+
   chain :conditions do |conditions|
     @conditions = conditions
   end

data/lib/awspec/matcher.rb

@@ -93,3 +93,9 @@ require 'awspec/matcher/have_env_var_value'
 
 # ManagedPrefixList
 require 'awspec/matcher/have_cidr'
+
+# BackupSelection
+require 'awspec/matcher/belong_to_backup_plan'
+
+# BackupPlan
+require 'awspec/matcher/have_plan_rule'

data/lib/awspec/stub/backup_plan.rb

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+Aws.config[:backup] = {
+  stub_responses: {
+    list_backup_plans: {
+      backup_plans_list: [
+        {
+          backup_plan_arn: 'arn:aws:backup:us-west-2:111122223333:backup-plan:a460d5d5-d30b-4631-8014-38c58e3c72ca',
+          backup_plan_id: 'a460d5d5-d30b-4631-8014-38c58e3c72ca',
+          creation_date: Time.new(2016, 4, 4, 9, 00, 00, '+00:00'),
+          deletion_date: nil,
+          version_id: 'kMlWPgkmipEb4I9gOEZpdoQiMgxP5KIizKLDhhblGiixgahy',
+          backup_plan_name: 'old-obsolete-plan',
+          creator_request_id: nil,
+          last_execution_date: Time.new(2016, 10, 4, 9, 00, 00, '+00:00'),
+          advanced_backup_settings: nil
+        },
+        {
+          backup_plan_arn: 'arn:aws:backup:us-west-2:111122223333:backup-plan:fff3e784-1a0f-4e7c-8fe9-ba69825f7c00',
+          backup_plan_id: 'fff3e784-1a0f-4e7c-8fe9-ba69825f7c00',
+          creation_date: Time.new(2016, 10, 4, 9, 00, 00, '+00:00'),
+          deletion_date: nil,
+          version_id: 'disFW7K0dOAjTaMWKYlhEyScjBhmi5kKGf7BrY7i1BG8F8wB',
+          backup_plan_name: 'my-backup-plan',
+          creator_request_id: nil,
+          last_execution_date: Time.new(2025, 10, 4, 9, 00, 00, '+00:00'),
+          advanced_backup_settings: nil
+        }
+      ],
+      next_token: nil
+    },
+    get_backup_plan: {
+      backup_plan: {
+        backup_plan_name: 'my-backup-plan',
+        rules: [
+          {
+            rule_name: 'my-daily-backup',
+            target_backup_vault_name: 'my-backup-vault',
+            schedule_expression: 'cron(0 0 * * ? *)',
+            start_window_minutes: 360,
+            completion_window_minutes: 1440,
+            lifecycle: {
+              delete_after_days: 7
+            },
+            rule_id: '8dd6ef67-9eeb-4743-98be-5b4c582ee3d0',
+            enable_continuous_backup: false,
+            schedule_expression_timezone: 'Etc/UTC'
+          },
+          {
+            rule_name: 'backup-rule-hourly-30-days',
+            target_backup_vault_name: 'Default',
+            schedule_expression: 'cron(30 * ? * * *)',
+            start_window_minutes: 60,
+            completion_window_minutes: 1440,
+            lifecycle: {
+              delete_after_days: 30
+            },
+            rule_id: 'febe7fd4-c95f-4d26-b502-97adf2fd0cf4',
+            enable_continuous_backup: false,
+            schedule_expression_timezone: 'Etc/UTC'
+          }
+        ]
+      },
+      backup_plan_id: 'fff3e784-1a0f-4e7c-8fe9-ba69825f7c00',
+      backup_plan_arn: 'arn:aws:backup:us-west-2:111122223333:backup-plan:fff3e784-1a0f-4e7c-8fe9-ba69825f7c00',
+      version_id: 'disFW7K0dOAjTaMWKYlhEyScjBhmi5kKGf7BrY7i1BG8F8wB',
+      creation_date: Time.new(2016, 10, 4, 9, 00, 00, '+00:00'),
+      last_execution_date: Time.new(2025, 10, 4, 9, 00, 00, '+00:00')
+    }
+  }
+}

data/lib/awspec/stub/backup_selection.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+Aws.config[:backup] = {
+  stub_responses: {
+    list_backup_plans: {
+      backup_plans_list: [
+        {
+          backup_plan_arn: 'arn:aws:backup:us-west-2:111122223333:backup-plan:fff3e784-1a0f-4e7c-8fe9-ba69825f7c00',
+          backup_plan_id: 'fff3e784-1a0f-4e7c-8fe9-ba69825f7c00',
+          creation_date: Time.new(2016, 10, 4, 9, 00, 00, '+00:00'),
+          deletion_date: nil,
+          version_id: 'disFW7K0dOAjTaMWKYlhEyScjBhmi5kKGf7BrY7i1BG8F8wB',
+          backup_plan_name: 'my-backup-plan',
+          creator_request_id: nil,
+          last_execution_date: Time.new(2025, 10, 4, 9, 00, 00, '+00:00'),
+          advanced_backup_settings: nil
+        }
+      ],
+      next_token: nil
+    },
+    list_backup_selections: {
+      backup_selections_list: [
+        selection_id: '01dfb41f-c3ca-4b45-91e7-63ef43fe7231',
+        selection_name: 'my-backup-selection',
+        backup_plan_id: 'fff3e784-1a0f-4e7c-8fe9-ba69825f7c00',
+        creation_date: Time.new(2016, 10, 4, 9, 00, 00, '+00:00'),
+        creator_request_id: nil,
+        iam_role_arn: 'arn:aws:iam::111122223333:role/service-role/my-backup-service-role'
+      ],
+      next_token: nil
+    }
+  }
+}

data/lib/awspec/stub/backup_vault.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+Aws.config[:backup] = {
+  stub_responses: {
+    list_backup_vaults: {
+      backup_vault_list: [
+        {
+          backup_vault_name: 'Default',
+          backup_vault_arn: 'arn:aws:backup:us-west-2:111122223333:backup-vault:Default',
+          vault_type: 'BACKUP_VAULT',
+          vault_state: 'AVAILABLE',
+          creation_date: Time.new(2024, 4, 4, 9, 00, 00, '+00:00'),
+          encryption_key_arn: 'arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab',
+          creator_request_id: 'Default',
+          number_of_recovery_points: 0,
+          locked: false,
+          min_retention_days: nil,
+          max_retention_days: nil,
+          lock_date: nil
+        },
+        {
+          backup_vault_name: 'my-backup-vault',
+          backup_vault_arn: 'arn:aws:backup:us-west-2:111122223333:backup-vault:my-vault',
+          vault_type: 'BACKUP_VAULT',
+          vault_state: 'AVAILABLE',
+          creation_date: Time.new(2024, 4, 4, 9, 00, 00, '+00:00'),
+          encryption_key_arn: 'arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab',
+          creator_request_id: 'Default',
+          number_of_recovery_points: 123,
+          locked: true,
+          min_retention_days: 7,
+          max_retention_days: 35,
+          lock_date: Time.new(2024, 10, 4, 9, 00, 00, '+00:00')
+        },
+        {
+          backup_vault_name: 'my-airgapped-vault',
+          backup_vault_arn: 'arn:aws:backup:us-west-2:111122223333:backup-vault:my-airgapped-vault',
+          vault_type: 'LOGICALLY_AIR_GAPPED_BACKUP_VAULT',
+          vault_state: 'AVAILABLE',
+          creation_date: Time.new(2024, 4, 4, 9, 00, 00, '+00:00'),
+          encryption_key_arn: 'arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab',
+          creator_request_id: nil,
+          number_of_recovery_points: 12,
+          locked: false,
+          min_retention_days: 30,
+          max_retention_days: 30,
+          lock_date: nil
+        }
+      ],
+      next_token: nil
+    }
+  }
+}

data/lib/awspec/stub/rds_db_cluster.rb

@@ -78,7 +78,12 @@ Aws.config[:rds] = {
           copy_tags_to_snapshot: false,
           cross_account_clone: false,
           domain_memberships: [],
-          tag_list: [],
+          tag_list: [
+            {
+              key: 'env',
+              value: 'dev'
+            }
+          ],
           global_write_forwarding_status: nil,
           global_write_forwarding_requested: false,
           pending_modified_values: nil,

data/lib/awspec/stub/rds_global_cluster.rb

@@ -30,7 +30,13 @@ Aws.config[:rds] = {
               global_write_forwarding_status: 'disabled'
             }
           ],
-          failover_state: nil
+          failover_state: nil,
+          tag_list: [
+            {
+              key: 'env',
+              value: 'dev'
+            }
+          ]
         }
       ],
       marker: nil

data/lib/awspec/stub/transfer_server.rb

@@ -3,10 +3,10 @@
 Aws.config[:transfer] = {
   stub_responses: {
     describe_server: {
-      server: Aws::Transfer::Types::DescribedServer.new(
+      server: {
         arn: 'arn:aws:transfer:us-east-1:1234567890:server/s-4dc0a424f0154fa89',
         domain: 'S3',
-        endpoint_details: Aws::Transfer::Types::EndpointDetails.new(
+        endpoint_details: {
           address_allocation_ids: %w[
             eipalloc-00000000000000001
             eipalloc-00000000000000002
@@ -19,7 +19,7 @@ Aws.config[:transfer] = {
           ],
           vpc_endpoint_id: 'vpce-00000000000000001',
           vpc_id: 'vpc-0123456789abcdefg'
-        ),
+        },
         endpoint_type: 'VPC',
         host_key_fingerprint: 'SHA256:0pj2UnuoFAKEfHrCZwfPwuFinG3RJEVir/m8bPRINTo=',
         identity_provider_type: 'SERVICE_MANAGED',
@@ -29,13 +29,32 @@ Aws.config[:transfer] = {
         server_id: 's-4dc0a424f0154fa89',
         state: 'ONLINE',
         tags: [
-          Aws::Transfer::Types::Tag.new(
+          {
             key: 'env',
             value: 'dev'
-          )
+          },
+          {
+            key: 'Name',
+            value: 'my-transfer-server'
+          }
         ],
         user_count: 13
-      )
+      }
+    },
+    list_servers: {
+      next_token: nil,
+      servers: [
+        {
+          arn: 'arn:aws:transfer:us-east-1:1234567890:server/s-4dc0a424f0154fa89',
+          domain: 'S3',
+          identity_provider_type: 'SERVICE_MANAGED',
+          endpoint_type: 'VPC',
+          logging_role: 'arn:aws:iam::1234567890:role/service-role/AWSTransferLoggingAccess',
+          server_id: 's-4dc0a424f0154fa89',
+          state: 'ONLINE',
+          user_count: 13
+        }
+      ]
     }
   }
 }

data/lib/awspec/stub/wafv2_ip_set.rb

@@ -4,9 +4,10 @@ Aws.config[:wafv2] = {
   stub_responses: {
     get_ip_set: {
       ip_set: {
-        name: 'my-ip-set',
+        name: 'my-wafv2-ip-set',
         id: '01234567-89ab-cdef-0123-456789abcdef',
-        arn: 'arn:aws:wafv2:ap-northeast-1:123456789012:regional/ipset/my-ip-set/01234567-89ab-cdef-0123-456789abcdef',
+        arn: 'arn:aws:wafv2:ap-northeast-1:123456789012:regional/ipset/'\
+             'my-wafv2-ip-set/01234567-89ab-cdef-0123-456789abcdef',
         description: 'dev ips',
         ip_address_version: 'IPV4',
         addresses: [
@@ -17,14 +18,15 @@ Aws.config[:wafv2] = {
       lock_token: '01234567-89ab-cdef-0123456789abcdef0'
     },
     list_ip_sets: {
-      next_marker: 'my-ip-set',
+      next_marker: 'my-wafv2-ip-set',
       ip_sets: [
         {
-          name: 'my-ip-set',
+          name: 'my-wafv2-ip-set',
           id: '01234567-89ab-cdef-0123-456789abcdef',
           description: 'dev ips',
           lock_token: '01234567-89ab-cdef-0123456789abcdef0',
-          arn: 'arn:aws:wafv2:ap-northeast-1:123456789012:regional/ipset/my-ip-set/01234567-89ab-cdef-0123-456789abcdef'
+          arn: 'arn:aws:wafv2:ap-northeast-1:123456789012:regional/ipset/'\
+               'my-wafv2-ip-set/01234567-89ab-cdef-0123-456789abcdef'
         }
       ]
     }