inspec-iggy 0.2.0

@@ -0,0 +1,156 @@
1
+ # Two-Tier example from https://github.com/terraform-providers/terraform-provider-aws
2
+
3
+ # Specify the provider and access details
4
+ provider "aws" {
5
+ region = "${var.aws_region}"
6
+ }
7
+
8
+ # Create a VPC to launch our instances into
9
+ resource "aws_vpc" "default" {
10
+ cidr_block = "10.0.0.0/16"
11
+
12
+ tags {
13
+ iggy_name_hong_kong = "hong-kong",
14
+ iggy_url_hong_kong = "https://github.com/mattray/hong-kong-compliance"
15
+ }
16
+ }
17
+
18
+ # Create an internet gateway to give our subnet access to the outside world
19
+ resource "aws_internet_gateway" "default" {
20
+ vpc_id = "${aws_vpc.default.id}"
21
+ }
22
+
23
+ # Grant the VPC internet access on its main route table
24
+ resource "aws_route" "internet_access" {
25
+ route_table_id = "${aws_vpc.default.main_route_table_id}"
26
+ destination_cidr_block = "0.0.0.0/0"
27
+ gateway_id = "${aws_internet_gateway.default.id}"
28
+ }
29
+
30
+ # Create a subnet to launch our instances into
31
+ resource "aws_subnet" "default" {
32
+ vpc_id = "${aws_vpc.default.id}"
33
+ cidr_block = "10.0.1.0/24"
34
+ map_public_ip_on_launch = true
35
+ }
36
+
37
+ # A security group for the ELB so it is accessible via the web
38
+ resource "aws_security_group" "elb" {
39
+ name = "terraform_example_elb"
40
+ description = "Used in the terraform"
41
+ vpc_id = "${aws_vpc.default.id}"
42
+
43
+ # HTTP access from anywhere
44
+ ingress {
45
+ from_port = 80
46
+ to_port = 80
47
+ protocol = "tcp"
48
+ cidr_blocks = ["0.0.0.0/0"]
49
+ }
50
+
51
+ # outbound internet access
52
+ egress {
53
+ from_port = 0
54
+ to_port = 0
55
+ protocol = "-1"
56
+ cidr_blocks = ["0.0.0.0/0"]
57
+ }
58
+ }
59
+
60
+ # Our default security group to access
61
+ # the instances over SSH and HTTP
62
+ resource "aws_security_group" "default" {
63
+ name = "terraform_example"
64
+ description = "Used in the terraform"
65
+ vpc_id = "${aws_vpc.default.id}"
66
+
67
+ # SSH access from anywhere
68
+ ingress {
69
+ from_port = 22
70
+ to_port = 22
71
+ protocol = "tcp"
72
+ cidr_blocks = ["0.0.0.0/0"]
73
+ }
74
+
75
+ # HTTP access from the VPC
76
+ ingress {
77
+ from_port = 80
78
+ to_port = 80
79
+ protocol = "tcp"
80
+ cidr_blocks = ["10.0.0.0/16"]
81
+ }
82
+
83
+ # outbound internet access
84
+ egress {
85
+ from_port = 0
86
+ to_port = 0
87
+ protocol = "-1"
88
+ cidr_blocks = ["0.0.0.0/0"]
89
+ }
90
+ }
91
+
92
+ resource "aws_elb" "web" {
93
+ name = "terraform-example-elb"
94
+
95
+ subnets = ["${aws_subnet.default.id}"]
96
+ security_groups = ["${aws_security_group.elb.id}"]
97
+ instances = ["${aws_instance.web.id}"]
98
+
99
+ listener {
100
+ instance_port = 80
101
+ instance_protocol = "http"
102
+ lb_port = 80
103
+ lb_protocol = "http"
104
+ }
105
+ }
106
+
107
+ resource "aws_key_pair" "auth" {
108
+ key_name = "${var.key_name}"
109
+ public_key = "${file(var.public_key_path)}"
110
+ }
111
+
112
+ resource "aws_instance" "web" {
113
+ # The connection block tells our provisioner how to
114
+ # communicate with the resource (instance)
115
+ connection {
116
+ # The default username for our AMI
117
+ user = "ubuntu"
118
+
119
+ # The connection will use the local SSH agent for authentication.
120
+ private_key = "${file(var.private_key_path)}"
121
+ }
122
+
123
+ instance_type = "t2.micro"
124
+
125
+ # Lookup the correct AMI based on the region
126
+ # we specified
127
+ ami = "${lookup(var.aws_amis, var.aws_region)}"
128
+
129
+ # The name of our SSH keypair we created above.
130
+ key_name = "${aws_key_pair.auth.id}"
131
+
132
+ # Our Security group to allow HTTP and SSH access
133
+ vpc_security_group_ids = ["${aws_security_group.default.id}"]
134
+
135
+ # We're going to launch into the same subnet as our ELB. In a production
136
+ # environment it's more common to have a separate private subnet for
137
+ # backend instances.
138
+ subnet_id = "${aws_subnet.default.id}"
139
+
140
+ # We run a remote provisioner on the instance after creating it.
141
+ # In this case, we just install nginx and start it. By default,
142
+ # this should be on port 80
143
+ provisioner "remote-exec" {
144
+ inline = [
145
+ "sudo apt-get -y update",
146
+ "sudo apt-get -y install apache2",
147
+ ]
148
+ }
149
+
150
+ tags {
151
+ iggy_name_apache_baseline = "apache-baseline",
152
+ iggy_url_apache_baseline = "https://github.com/dev-sec/apache-baseline",
153
+ iggy_name_linux_baseline = "linux-baseline",
154
+ iggy_url_linux_baseline = "https://github.com/dev-sec/linux-baseline"
155
+ }
156
+ }
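Review bot: The first ingress rule of `aws_security_group.default` opens port 22 with `cidr_blocks = ["0.0.0.0/0"]`, and the instance launches into a subnet with `map_public_ip_on_launch = true`, so SSH on the instance is reachable from any address. Example fixtures get copied, so I would restrict that rule to an operator range, e.g. `cidr_blocks = ["${var.admin_cidr}"]`, where `admin_cidr` is a new variable that would have to be declared alongside the other variables (their file is not visible here). Two comments in `aws_instance.web` also disagree with the code: the connection block says it uses the local SSH agent but sets `private_key` from a file, and the provisioner comment says nginx while the commands install `apache2`. Suggested wording: `# Authenticate with the private key read from var.private_key_path` and `# In this case, we just install apache2.`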
@@ -0,0 +1,11 @@
1
+ output "address" {
2
+ value = "${aws_elb.web.dns_name}"
3
+ }
4
+
5
+ output "instance_id" {
6
+ value = "${aws_instance.web.id}"
7
+ }
8
+
9
+ output "vpc_id" {
10
+ value = "${aws_vpc.default.id}"
11
+ }
@@ -0,0 +1,383 @@
1
+ {
2
+ "version": 3,
3
+ "terraform_version": "0.11.7",
4
+ "serial": 18,
5
+ "lineage": "f548a694-6da4-0837-7a60-da3c20acfc6f",
6
+ "modules": [
7
+ {
8
+ "path": [
9
+ "root"
10
+ ],
11
+ "outputs": {
12
+ "address": {
13
+ "sensitive": false,
14
+ "type": "string",
15
+ "value": "terraform-example-elb-1850336543.us-west-1.elb.amazonaws.com"
16
+ },
17
+ "instance_id": {
18
+ "sensitive": false,
19
+ "type": "string",
20
+ "value": "i-0775ff99e9bce8ecd"
21
+ },
22
+ "vpc_id": {
23
+ "sensitive": false,
24
+ "type": "string",
25
+ "value": "vpc-14afcc73"
26
+ }
27
+ },
28
+ "resources": {
29
+ "aws_elb.web": {
30
+ "type": "aws_elb",
31
+ "depends_on": [
32
+ "aws_instance.web",
33
+ "aws_security_group.elb",
34
+ "aws_subnet.default"
35
+ ],
36
+ "primary": {
37
+ "id": "terraform-example-elb",
38
+ "attributes": {
39
+ "access_logs.#": "0",
40
+ "arn": "arn:aws:elasticloadbalancing:us-west-1:496323866215:loadbalancer/terraform-example-elb",
41
+ "availability_zones.#": "1",
42
+ "availability_zones.3205754986": "us-west-1a",
43
+ "connection_draining": "false",
44
+ "connection_draining_timeout": "300",
45
+ "cross_zone_load_balancing": "true",
46
+ "dns_name": "terraform-example-elb-1850336543.us-west-1.elb.amazonaws.com",
47
+ "health_check.#": "1",
48
+ "health_check.0.healthy_threshold": "10",
49
+ "health_check.0.interval": "30",
50
+ "health_check.0.target": "TCP:80",
51
+ "health_check.0.timeout": "5",
52
+ "health_check.0.unhealthy_threshold": "2",
53
+ "id": "terraform-example-elb",
54
+ "idle_timeout": "60",
55
+ "instances.#": "1",
56
+ "instances.305343310": "i-0775ff99e9bce8ecd",
57
+ "internal": "false",
58
+ "listener.#": "1",
59
+ "listener.3057123346.instance_port": "80",
60
+ "listener.3057123346.instance_protocol": "http",
61
+ "listener.3057123346.lb_port": "80",
62
+ "listener.3057123346.lb_protocol": "http",
63
+ "listener.3057123346.ssl_certificate_id": "",
64
+ "name": "terraform-example-elb",
65
+ "security_groups.#": "1",
66
+ "security_groups.2386481005": "sg-6bb84d13",
67
+ "source_security_group": "496323866215/terraform_example_elb",
68
+ "source_security_group_id": "sg-6bb84d13",
69
+ "subnets.#": "1",
70
+ "subnets.1060111469": "subnet-a4fdd0c3",
71
+ "tags.%": "0",
72
+ "zone_id": "Z368ELLRRE2KJ0"
73
+ },
74
+ "meta": {},
75
+ "tainted": false
76
+ },
77
+ "deposed": [],
78
+ "provider": "provider.aws"
79
+ },
80
+ "aws_instance.web": {
81
+ "type": "aws_instance",
82
+ "depends_on": [
83
+ "aws_key_pair.auth",
84
+ "aws_security_group.default",
85
+ "aws_subnet.default"
86
+ ],
87
+ "primary": {
88
+ "id": "i-0775ff99e9bce8ecd",
89
+ "attributes": {
90
+ "ami": "ami-969ab1f6",
91
+ "associate_public_ip_address": "true",
92
+ "availability_zone": "us-west-1a",
93
+ "disable_api_termination": "false",
94
+ "ebs_block_device.#": "0",
95
+ "ebs_optimized": "false",
96
+ "ephemeral_block_device.#": "0",
97
+ "get_password_data": "false",
98
+ "iam_instance_profile": "",
99
+ "id": "i-0775ff99e9bce8ecd",
100
+ "instance_state": "running",
101
+ "instance_type": "t2.micro",
102
+ "ipv6_addresses.#": "0",
103
+ "key_name": "mattray-tf",
104
+ "monitoring": "false",
105
+ "network_interface.#": "0",
106
+ "network_interface_id": "eni-f08650d1",
107
+ "password_data": "",
108
+ "placement_group": "",
109
+ "primary_network_interface_id": "eni-f08650d1",
110
+ "private_dns": "ip-10-0-1-41.us-west-1.compute.internal",
111
+ "private_ip": "10.0.1.41",
112
+ "public_dns": "",
113
+ "public_ip": "52.53.176.82",
114
+ "root_block_device.#": "1",
115
+ "root_block_device.0.delete_on_termination": "true",
116
+ "root_block_device.0.iops": "100",
117
+ "root_block_device.0.volume_id": "vol-0981b2759ecc72cc3",
118
+ "root_block_device.0.volume_size": "8",
119
+ "root_block_device.0.volume_type": "gp2",
120
+ "security_groups.#": "0",
121
+ "source_dest_check": "true",
122
+ "subnet_id": "subnet-a4fdd0c3",
123
+ "tags.%": "4",
124
+ "tags.iggy_name_apache_baseline": "apache-baseline",
125
+ "tags.iggy_name_linux_baseline": "linux-baseline",
126
+ "tags.iggy_url_apache_baseline": "https://github.com/dev-sec/apache-baseline",
127
+ "tags.iggy_url_linux_baseline": "https://github.com/dev-sec/linux-baseline",
128
+ "tenancy": "default",
129
+ "volume_tags.%": "0",
130
+ "vpc_security_group_ids.#": "1",
131
+ "vpc_security_group_ids.2962246997": "sg-4dbe4b35"
132
+ },
133
+ "meta": {
134
+ "e2bfb730-ecaa-11e6-8f88-34363bc7c4c0": {
135
+ "create": 600000000000,
136
+ "delete": 1200000000000,
137
+ "update": 600000000000
138
+ },
139
+ "schema_version": "1"
140
+ },
141
+ "tainted": false
142
+ },
143
+ "deposed": [],
144
+ "provider": "provider.aws"
145
+ },
146
+ "aws_internet_gateway.default": {
147
+ "type": "aws_internet_gateway",
148
+ "depends_on": [
149
+ "aws_vpc.default"
150
+ ],
151
+ "primary": {
152
+ "id": "igw-e1b3f585",
153
+ "attributes": {
154
+ "id": "igw-e1b3f585",
155
+ "vpc_id": "vpc-14afcc73"
156
+ },
157
+ "meta": {},
158
+ "tainted": false
159
+ },
160
+ "deposed": [],
161
+ "provider": "provider.aws"
162
+ },
163
+ "aws_key_pair.auth": {
164
+ "type": "aws_key_pair",
165
+ "depends_on": [],
166
+ "primary": {
167
+ "id": "mattray-tf",
168
+ "attributes": {
169
+ "id": "mattray-tf",
170
+ "key_name": "mattray-tf",
171
+ "public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDd7qpXEoZA7BCeu/Wx0bymKkGgTydKvXBEo0gReaUqKTH9rxS3GdWUJ2rk2EoQ0XBfnonFN7OjSjJQP2eVFewVinA5FpdT/doUDBlM9Za+rjXXor/9b2u6SoGWPAgWRwXGRH/RfsuxgtYEaLA3LAPdh2zL7rGCnQ/yGoVlFqAT8MlyOi/rAHNmOGZi/1BNXYGwwvOQeJ0nA7owf4VPP/h+fzezd4DyOMHf3+vqHOxc3QVfbbvOvMQnnPX/dw89Lf2W4nvG070xSGG/LxuXsm1yPSKKfiq/sZcchQBC3a+PKhYN44HjzZ0Ryd+22t4iu/u81qmDSzjGeJDvAd9xhg0J mray@farnsworth.local"
172
+ },
173
+ "meta": {
174
+ "schema_version": "1"
175
+ },
176
+ "tainted": false
177
+ },
178
+ "deposed": [],
179
+ "provider": "provider.aws"
180
+ },
181
+ "aws_route.internet_access": {
182
+ "type": "aws_route",
183
+ "depends_on": [
184
+ "aws_internet_gateway.default",
185
+ "aws_vpc.default"
186
+ ],
187
+ "primary": {
188
+ "id": "r-rtb-25edfb421080289494",
189
+ "attributes": {
190
+ "destination_cidr_block": "0.0.0.0/0",
191
+ "destination_prefix_list_id": "",
192
+ "egress_only_gateway_id": "",
193
+ "gateway_id": "igw-e1b3f585",
194
+ "id": "r-rtb-25edfb421080289494",
195
+ "instance_id": "",
196
+ "instance_owner_id": "",
197
+ "nat_gateway_id": "",
198
+ "network_interface_id": "",
199
+ "origin": "CreateRoute",
200
+ "route_table_id": "rtb-25edfb42",
201
+ "state": "active",
202
+ "vpc_peering_connection_id": ""
203
+ },
204
+ "meta": {
205
+ "e2bfb730-ecaa-11e6-8f88-34363bc7c4c0": {
206
+ "create": 120000000000,
207
+ "delete": 300000000000
208
+ }
209
+ },
210
+ "tainted": false
211
+ },
212
+ "deposed": [],
213
+ "provider": "provider.aws"
214
+ },
215
+ "aws_security_group.default": {
216
+ "type": "aws_security_group",
217
+ "depends_on": [
218
+ "aws_vpc.default"
219
+ ],
220
+ "primary": {
221
+ "id": "sg-4dbe4b35",
222
+ "attributes": {
223
+ "arn": "arn:aws:ec2:us-west-1:496323866215:security-group/sg-4dbe4b35",
224
+ "description": "Used in the terraform",
225
+ "egress.#": "1",
226
+ "egress.482069346.cidr_blocks.#": "1",
227
+ "egress.482069346.cidr_blocks.0": "0.0.0.0/0",
228
+ "egress.482069346.description": "",
229
+ "egress.482069346.from_port": "0",
230
+ "egress.482069346.ipv6_cidr_blocks.#": "0",
231
+ "egress.482069346.prefix_list_ids.#": "0",
232
+ "egress.482069346.protocol": "-1",
233
+ "egress.482069346.security_groups.#": "0",
234
+ "egress.482069346.self": "false",
235
+ "egress.482069346.to_port": "0",
236
+ "id": "sg-4dbe4b35",
237
+ "ingress.#": "2",
238
+ "ingress.2165049311.cidr_blocks.#": "1",
239
+ "ingress.2165049311.cidr_blocks.0": "10.0.0.0/16",
240
+ "ingress.2165049311.description": "",
241
+ "ingress.2165049311.from_port": "80",
242
+ "ingress.2165049311.ipv6_cidr_blocks.#": "0",
243
+ "ingress.2165049311.protocol": "tcp",
244
+ "ingress.2165049311.security_groups.#": "0",
245
+ "ingress.2165049311.self": "false",
246
+ "ingress.2165049311.to_port": "80",
247
+ "ingress.2541437006.cidr_blocks.#": "1",
248
+ "ingress.2541437006.cidr_blocks.0": "0.0.0.0/0",
249
+ "ingress.2541437006.description": "",
250
+ "ingress.2541437006.from_port": "22",
251
+ "ingress.2541437006.ipv6_cidr_blocks.#": "0",
252
+ "ingress.2541437006.protocol": "tcp",
253
+ "ingress.2541437006.security_groups.#": "0",
254
+ "ingress.2541437006.self": "false",
255
+ "ingress.2541437006.to_port": "22",
256
+ "name": "terraform_example",
257
+ "owner_id": "496323866215",
258
+ "revoke_rules_on_delete": "false",
259
+ "tags.%": "0",
260
+ "vpc_id": "vpc-14afcc73"
261
+ },
262
+ "meta": {
263
+ "e2bfb730-ecaa-11e6-8f88-34363bc7c4c0": {
264
+ "create": 600000000000,
265
+ "delete": 600000000000
266
+ },
267
+ "schema_version": "1"
268
+ },
269
+ "tainted": false
270
+ },
271
+ "deposed": [],
272
+ "provider": "provider.aws"
273
+ },
274
+ "aws_security_group.elb": {
275
+ "type": "aws_security_group",
276
+ "depends_on": [
277
+ "aws_vpc.default"
278
+ ],
279
+ "primary": {
280
+ "id": "sg-6bb84d13",
281
+ "attributes": {
282
+ "arn": "arn:aws:ec2:us-west-1:496323866215:security-group/sg-6bb84d13",
283
+ "description": "Used in the terraform",
284
+ "egress.#": "1",
285
+ "egress.482069346.cidr_blocks.#": "1",
286
+ "egress.482069346.cidr_blocks.0": "0.0.0.0/0",
287
+ "egress.482069346.description": "",
288
+ "egress.482069346.from_port": "0",
289
+ "egress.482069346.ipv6_cidr_blocks.#": "0",
290
+ "egress.482069346.prefix_list_ids.#": "0",
291
+ "egress.482069346.protocol": "-1",
292
+ "egress.482069346.security_groups.#": "0",
293
+ "egress.482069346.self": "false",
294
+ "egress.482069346.to_port": "0",
295
+ "id": "sg-6bb84d13",
296
+ "ingress.#": "1",
297
+ "ingress.2214680975.cidr_blocks.#": "1",
298
+ "ingress.2214680975.cidr_blocks.0": "0.0.0.0/0",
299
+ "ingress.2214680975.description": "",
300
+ "ingress.2214680975.from_port": "80",
301
+ "ingress.2214680975.ipv6_cidr_blocks.#": "0",
302
+ "ingress.2214680975.protocol": "tcp",
303
+ "ingress.2214680975.security_groups.#": "0",
304
+ "ingress.2214680975.self": "false",
305
+ "ingress.2214680975.to_port": "80",
306
+ "name": "terraform_example_elb",
307
+ "owner_id": "496323866215",
308
+ "revoke_rules_on_delete": "false",
309
+ "tags.%": "0",
310
+ "vpc_id": "vpc-14afcc73"
311
+ },
312
+ "meta": {
313
+ "e2bfb730-ecaa-11e6-8f88-34363bc7c4c0": {
314
+ "create": 600000000000,
315
+ "delete": 600000000000
316
+ },
317
+ "schema_version": "1"
318
+ },
319
+ "tainted": false
320
+ },
321
+ "deposed": [],
322
+ "provider": "provider.aws"
323
+ },
324
+ "aws_subnet.default": {
325
+ "type": "aws_subnet",
326
+ "depends_on": [
327
+ "aws_vpc.default"
328
+ ],
329
+ "primary": {
330
+ "id": "subnet-a4fdd0c3",
331
+ "attributes": {
332
+ "assign_ipv6_address_on_creation": "false",
333
+ "availability_zone": "us-west-1a",
334
+ "cidr_block": "10.0.1.0/24",
335
+ "id": "subnet-a4fdd0c3",
336
+ "map_public_ip_on_launch": "true",
337
+ "tags.%": "0",
338
+ "vpc_id": "vpc-14afcc73"
339
+ },
340
+ "meta": {
341
+ "schema_version": "1"
342
+ },
343
+ "tainted": false
344
+ },
345
+ "deposed": [],
346
+ "provider": "provider.aws"
347
+ },
348
+ "aws_vpc.default": {
349
+ "type": "aws_vpc",
350
+ "depends_on": [],
351
+ "primary": {
352
+ "id": "vpc-14afcc73",
353
+ "attributes": {
354
+ "assign_generated_ipv6_cidr_block": "false",
355
+ "cidr_block": "10.0.0.0/16",
356
+ "default_network_acl_id": "acl-a24575c5",
357
+ "default_route_table_id": "rtb-25edfb42",
358
+ "default_security_group_id": "sg-dcb94ca4",
359
+ "dhcp_options_id": "dopt-d76783b2",
360
+ "enable_classiclink": "false",
361
+ "enable_classiclink_dns_support": "false",
362
+ "enable_dns_hostnames": "false",
363
+ "enable_dns_support": "true",
364
+ "id": "vpc-14afcc73",
365
+ "instance_tenancy": "default",
366
+ "main_route_table_id": "rtb-25edfb42",
367
+ "tags.%": "2",
368
+ "tags.iggy_name_hong_kong": "hong-kong",
369
+ "tags.iggy_url_hong_kong": "https://github.com/mattray/hong-kong-compliance"
370
+ },
371
+ "meta": {
372
+ "schema_version": "1"
373
+ },
374
+ "tainted": false
375
+ },
376
+ "deposed": [],
377
+ "provider": "provider.aws"
378
+ }
379
+ },
380
+ "depends_on": []
381
+ }
382
+ ]
383
+ }
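Review bot: This state file appears to be a capture of a real deployment, and it ships the AWS account ID (`496323866215` in the ARNs and `owner_id`), the instance's public IP, live resource IDs, and the full `public_key` with its `user@host` comment. None of these are credentials, but they expose account and host detail that a fixture does not need. Terraform state also stores every attribute in plaintext, so a later re-capture could pick up secret values. I would scrub the fixture before publishing: replace the account ID with an obvious placeholder such as `123456789012`, swap the key for a throwaway one, and keep only the attributes the tool actually reads, presumably the `tags.iggy_*` entries (confirm against the parser).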