inspec-iggy 0.2.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (23) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +8 -6
  3. data/README.md +91 -40
  4. data/inspec-iggy.gemspec +13 -13
  5. data/lib/inspec-iggy.rb +11 -2
  6. data/lib/inspec-iggy/cloudformation/cli_command.rb +92 -0
  7. data/lib/inspec-iggy/cloudformation/parser.rb +106 -0
  8. data/lib/inspec-iggy/inspec_helper.rb +62 -40
  9. data/lib/inspec-iggy/plugin.rb +43 -0
  10. data/lib/inspec-iggy/profile.rb +74 -0
  11. data/lib/inspec-iggy/terraform/cli_command.rb +94 -0
  12. data/lib/inspec-iggy/terraform/parser.rb +147 -0
  13. data/lib/inspec-iggy/version.rb +4 -4
  14. metadata +13 -16
  15. data/lib/inspec-iggy/cli.rb +0 -53
  16. data/lib/inspec-iggy/cloudformation.rb +0 -104
  17. data/lib/inspec-iggy/terraform.rb +0 -146
  18. data/test/bad.json +0 -6
  19. data/test/bjc-demo-aws-4.5.4.json +0 -851
  20. data/test/main.tf +0 -156
  21. data/test/outputs.tf +0 -11
  22. data/test/terraform.tfstate +0 -383
  23. data/test/variables.tf +0 -35
data/test/main.tf DELETED
@@ -1,156 +0,0 @@
1
- # Two-Tier example from https://github.com/terraform-providers/terraform-provider-aws
2
-
3
- # Specify the provider and access details
4
- provider "aws" {
5
- region = "${var.aws_region}"
6
- }
7
-
8
- # Create a VPC to launch our instances into
9
- resource "aws_vpc" "default" {
10
- cidr_block = "10.0.0.0/16"
11
-
12
- tags {
13
- iggy_name_hong_kong = "hong-kong",
14
- iggy_url_hong_kong = "https://github.com/mattray/hong-kong-compliance"
15
- }
16
- }
17
-
18
- # Create an internet gateway to give our subnet access to the outside world
19
- resource "aws_internet_gateway" "default" {
20
- vpc_id = "${aws_vpc.default.id}"
21
- }
22
-
23
- # Grant the VPC internet access on its main route table
24
- resource "aws_route" "internet_access" {
25
- route_table_id = "${aws_vpc.default.main_route_table_id}"
26
- destination_cidr_block = "0.0.0.0/0"
27
- gateway_id = "${aws_internet_gateway.default.id}"
28
- }
29
-
30
- # Create a subnet to launch our instances into
31
- resource "aws_subnet" "default" {
32
- vpc_id = "${aws_vpc.default.id}"
33
- cidr_block = "10.0.1.0/24"
34
- map_public_ip_on_launch = true
35
- }
36
-
37
- # A security group for the ELB so it is accessible via the web
38
- resource "aws_security_group" "elb" {
39
- name = "terraform_example_elb"
40
- description = "Used in the terraform"
41
- vpc_id = "${aws_vpc.default.id}"
42
-
43
- # HTTP access from anywhere
44
- ingress {
45
- from_port = 80
46
- to_port = 80
47
- protocol = "tcp"
48
- cidr_blocks = ["0.0.0.0/0"]
49
- }
50
-
51
- # outbound internet access
52
- egress {
53
- from_port = 0
54
- to_port = 0
55
- protocol = "-1"
56
- cidr_blocks = ["0.0.0.0/0"]
57
- }
58
- }
59
-
60
- # Our default security group to access
61
- # the instances over SSH and HTTP
62
- resource "aws_security_group" "default" {
63
- name = "terraform_example"
64
- description = "Used in the terraform"
65
- vpc_id = "${aws_vpc.default.id}"
66
-
67
- # SSH access from anywhere
68
- ingress {
69
- from_port = 22
70
- to_port = 22
71
- protocol = "tcp"
72
- cidr_blocks = ["0.0.0.0/0"]
73
- }
74
-
75
- # HTTP access from the VPC
76
- ingress {
77
- from_port = 80
78
- to_port = 80
79
- protocol = "tcp"
80
- cidr_blocks = ["10.0.0.0/16"]
81
- }
82
-
83
- # outbound internet access
84
- egress {
85
- from_port = 0
86
- to_port = 0
87
- protocol = "-1"
88
- cidr_blocks = ["0.0.0.0/0"]
89
- }
90
- }
91
-
92
- resource "aws_elb" "web" {
93
- name = "terraform-example-elb"
94
-
95
- subnets = ["${aws_subnet.default.id}"]
96
- security_groups = ["${aws_security_group.elb.id}"]
97
- instances = ["${aws_instance.web.id}"]
98
-
99
- listener {
100
- instance_port = 80
101
- instance_protocol = "http"
102
- lb_port = 80
103
- lb_protocol = "http"
104
- }
105
- }
106
-
107
- resource "aws_key_pair" "auth" {
108
- key_name = "${var.key_name}"
109
- public_key = "${file(var.public_key_path)}"
110
- }
111
-
112
- resource "aws_instance" "web" {
113
- # The connection block tells our provisioner how to
114
- # communicate with the resource (instance)
115
- connection {
116
- # The default username for our AMI
117
- user = "ubuntu"
118
-
119
- # The connection will use the local SSH agent for authentication.
120
- private_key = "${file(var.private_key_path)}"
121
- }
122
-
123
- instance_type = "t2.micro"
124
-
125
- # Lookup the correct AMI based on the region
126
- # we specified
127
- ami = "${lookup(var.aws_amis, var.aws_region)}"
128
-
129
- # The name of our SSH keypair we created above.
130
- key_name = "${aws_key_pair.auth.id}"
131
-
132
- # Our Security group to allow HTTP and SSH access
133
- vpc_security_group_ids = ["${aws_security_group.default.id}"]
134
-
135
- # We're going to launch into the same subnet as our ELB. In a production
136
- # environment it's more common to have a separate private subnet for
137
- # backend instances.
138
- subnet_id = "${aws_subnet.default.id}"
139
-
140
- # We run a remote provisioner on the instance after creating it.
141
- # In this case, we just install nginx and start it. By default,
142
- # this should be on port 80
143
- provisioner "remote-exec" {
144
- inline = [
145
- "sudo apt-get -y update",
146
- "sudo apt-get -y install apache2",
147
- ]
148
- }
149
-
150
- tags {
151
- iggy_name_apache_baseline = "apache-baseline",
152
- iggy_url_apache_baseline = "https://github.com/dev-sec/apache-baseline",
153
- iggy_name_linux_baseline = "linux-baseline",
154
- iggy_url_linux_baseline = "https://github.com/dev-sec/linux-baseline"
155
- }
156
- }
data/test/outputs.tf DELETED
@@ -1,11 +0,0 @@
1
- output "address" {
2
- value = "${aws_elb.web.dns_name}"
3
- }
4
-
5
- output "instance_id" {
6
- value = "${aws_instance.web.id}"
7
- }
8
-
9
- output "vpc_id" {
10
- value = "${aws_vpc.default.id}"
11
- }
data/test/terraform.tfstate DELETED
@@ -1,383 +0,0 @@
1
- {
2
- "version": 3,
3
- "terraform_version": "0.11.7",
4
- "serial": 18,
5
- "lineage": "f548a694-6da4-0837-7a60-da3c20acfc6f",
6
- "modules": [
7
- {
8
- "path": [
9
- "root"
10
- ],
11
- "outputs": {
12
- "address": {
13
- "sensitive": false,
14
- "type": "string",
15
- "value": "terraform-example-elb-1850336543.us-west-1.elb.amazonaws.com"
16
- },
17
- "instance_id": {
18
- "sensitive": false,
19
- "type": "string",
20
- "value": "i-0775ff99e9bce8ecd"
21
- },
22
- "vpc_id": {
23
- "sensitive": false,
24
- "type": "string",
25
- "value": "vpc-14afcc73"
26
- }
27
- },
28
- "resources": {
29
- "aws_elb.web": {
30
- "type": "aws_elb",
31
- "depends_on": [
32
- "aws_instance.web",
33
- "aws_security_group.elb",
34
- "aws_subnet.default"
35
- ],
36
- "primary": {
37
- "id": "terraform-example-elb",
38
- "attributes": {
39
- "access_logs.#": "0",
40
- "arn": "arn:aws:elasticloadbalancing:us-west-1:496323866215:loadbalancer/terraform-example-elb",
41
- "availability_zones.#": "1",
42
- "availability_zones.3205754986": "us-west-1a",
43
- "connection_draining": "false",
44
- "connection_draining_timeout": "300",
45
- "cross_zone_load_balancing": "true",
46
- "dns_name": "terraform-example-elb-1850336543.us-west-1.elb.amazonaws.com",
47
- "health_check.#": "1",
48
- "health_check.0.healthy_threshold": "10",
49
- "health_check.0.interval": "30",
50
- "health_check.0.target": "TCP:80",
51
- "health_check.0.timeout": "5",
52
- "health_check.0.unhealthy_threshold": "2",
53
- "id": "terraform-example-elb",
54
- "idle_timeout": "60",
55
- "instances.#": "1",
56
- "instances.305343310": "i-0775ff99e9bce8ecd",
57
- "internal": "false",
58
- "listener.#": "1",
59
- "listener.3057123346.instance_port": "80",
60
- "listener.3057123346.instance_protocol": "http",
61
- "listener.3057123346.lb_port": "80",
62
- "listener.3057123346.lb_protocol": "http",
63
- "listener.3057123346.ssl_certificate_id": "",
64
- "name": "terraform-example-elb",
65
- "security_groups.#": "1",
66
- "security_groups.2386481005": "sg-6bb84d13",
67
- "source_security_group": "496323866215/terraform_example_elb",
68
- "source_security_group_id": "sg-6bb84d13",
69
- "subnets.#": "1",
70
- "subnets.1060111469": "subnet-a4fdd0c3",
71
- "tags.%": "0",
72
- "zone_id": "Z368ELLRRE2KJ0"
73
- },
74
- "meta": {},
75
- "tainted": false
76
- },
77
- "deposed": [],
78
- "provider": "provider.aws"
79
- },
80
- "aws_instance.web": {
81
- "type": "aws_instance",
82
- "depends_on": [
83
- "aws_key_pair.auth",
84
- "aws_security_group.default",
85
- "aws_subnet.default"
86
- ],
87
- "primary": {
88
- "id": "i-0775ff99e9bce8ecd",
89
- "attributes": {
90
- "ami": "ami-969ab1f6",
91
- "associate_public_ip_address": "true",
92
- "availability_zone": "us-west-1a",
93
- "disable_api_termination": "false",
94
- "ebs_block_device.#": "0",
95
- "ebs_optimized": "false",
96
- "ephemeral_block_device.#": "0",
97
- "get_password_data": "false",
98
- "iam_instance_profile": "",
99
- "id": "i-0775ff99e9bce8ecd",
100
- "instance_state": "running",
101
- "instance_type": "t2.micro",
102
- "ipv6_addresses.#": "0",
103
- "key_name": "mattray-tf",
104
- "monitoring": "false",
105
- "network_interface.#": "0",
106
- "network_interface_id": "eni-f08650d1",
107
- "password_data": "",
108
- "placement_group": "",
109
- "primary_network_interface_id": "eni-f08650d1",
110
- "private_dns": "ip-10-0-1-41.us-west-1.compute.internal",
111
- "private_ip": "10.0.1.41",
112
- "public_dns": "",
113
- "public_ip": "52.53.176.82",
114
- "root_block_device.#": "1",
115
- "root_block_device.0.delete_on_termination": "true",
116
- "root_block_device.0.iops": "100",
117
- "root_block_device.0.volume_id": "vol-0981b2759ecc72cc3",
118
- "root_block_device.0.volume_size": "8",
119
- "root_block_device.0.volume_type": "gp2",
120
- "security_groups.#": "0",
121
- "source_dest_check": "true",
122
- "subnet_id": "subnet-a4fdd0c3",
123
- "tags.%": "4",
124
- "tags.iggy_name_apache_baseline": "apache-baseline",
125
- "tags.iggy_name_linux_baseline": "linux-baseline",
126
- "tags.iggy_url_apache_baseline": "https://github.com/dev-sec/apache-baseline",
127
- "tags.iggy_url_linux_baseline": "https://github.com/dev-sec/linux-baseline",
128
- "tenancy": "default",
129
- "volume_tags.%": "0",
130
- "vpc_security_group_ids.#": "1",
131
- "vpc_security_group_ids.2962246997": "sg-4dbe4b35"
132
- },
133
- "meta": {
134
- "e2bfb730-ecaa-11e6-8f88-34363bc7c4c0": {
135
- "create": 600000000000,
136
- "delete": 1200000000000,
137
- "update": 600000000000
138
- },
139
- "schema_version": "1"
140
- },
141
- "tainted": false
142
- },
143
- "deposed": [],
144
- "provider": "provider.aws"
145
- },
146
- "aws_internet_gateway.default": {
147
- "type": "aws_internet_gateway",
148
- "depends_on": [
149
- "aws_vpc.default"
150
- ],
151
- "primary": {
152
- "id": "igw-e1b3f585",
153
- "attributes": {
154
- "id": "igw-e1b3f585",
155
- "vpc_id": "vpc-14afcc73"
156
- },
157
- "meta": {},
158
- "tainted": false
159
- },
160
- "deposed": [],
161
- "provider": "provider.aws"
162
- },
163
- "aws_key_pair.auth": {
164
- "type": "aws_key_pair",
165
- "depends_on": [],
166
- "primary": {
167
- "id": "mattray-tf",
168
- "attributes": {
169
- "id": "mattray-tf",
170
- "key_name": "mattray-tf",
171
- "public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDd7qpXEoZA7BCeu/Wx0bymKkGgTydKvXBEo0gReaUqKTH9rxS3GdWUJ2rk2EoQ0XBfnonFN7OjSjJQP2eVFewVinA5FpdT/doUDBlM9Za+rjXXor/9b2u6SoGWPAgWRwXGRH/RfsuxgtYEaLA3LAPdh2zL7rGCnQ/yGoVlFqAT8MlyOi/rAHNmOGZi/1BNXYGwwvOQeJ0nA7owf4VPP/h+fzezd4DyOMHf3+vqHOxc3QVfbbvOvMQnnPX/dw89Lf2W4nvG070xSGG/LxuXsm1yPSKKfiq/sZcchQBC3a+PKhYN44HjzZ0Ryd+22t4iu/u81qmDSzjGeJDvAd9xhg0J mray@farnsworth.local"
172
- },
173
- "meta": {
174
- "schema_version": "1"
175
- },
176
- "tainted": false
177
- },
178
- "deposed": [],
179
- "provider": "provider.aws"
180
- },
181
- "aws_route.internet_access": {
182
- "type": "aws_route",
183
- "depends_on": [
184
- "aws_internet_gateway.default",
185
- "aws_vpc.default"
186
- ],
187
- "primary": {
188
- "id": "r-rtb-25edfb421080289494",
189
- "attributes": {
190
- "destination_cidr_block": "0.0.0.0/0",
191
- "destination_prefix_list_id": "",
192
- "egress_only_gateway_id": "",
193
- "gateway_id": "igw-e1b3f585",
194
- "id": "r-rtb-25edfb421080289494",
195
- "instance_id": "",
196
- "instance_owner_id": "",
197
- "nat_gateway_id": "",
198
- "network_interface_id": "",
199
- "origin": "CreateRoute",
200
- "route_table_id": "rtb-25edfb42",
201
- "state": "active",
202
- "vpc_peering_connection_id": ""
203
- },
204
- "meta": {
205
- "e2bfb730-ecaa-11e6-8f88-34363bc7c4c0": {
206
- "create": 120000000000,
207
- "delete": 300000000000
208
- }
209
- },
210
- "tainted": false
211
- },
212
- "deposed": [],
213
- "provider": "provider.aws"
214
- },
215
- "aws_security_group.default": {
216
- "type": "aws_security_group",
217
- "depends_on": [
218
- "aws_vpc.default"
219
- ],
220
- "primary": {
221
- "id": "sg-4dbe4b35",
222
- "attributes": {
223
- "arn": "arn:aws:ec2:us-west-1:496323866215:security-group/sg-4dbe4b35",
224
- "description": "Used in the terraform",
225
- "egress.#": "1",
226
- "egress.482069346.cidr_blocks.#": "1",
227
- "egress.482069346.cidr_blocks.0": "0.0.0.0/0",
228
- "egress.482069346.description": "",
229
- "egress.482069346.from_port": "0",
230
- "egress.482069346.ipv6_cidr_blocks.#": "0",
231
- "egress.482069346.prefix_list_ids.#": "0",
232
- "egress.482069346.protocol": "-1",
233
- "egress.482069346.security_groups.#": "0",
234
- "egress.482069346.self": "false",
235
- "egress.482069346.to_port": "0",
236
- "id": "sg-4dbe4b35",
237
- "ingress.#": "2",
238
- "ingress.2165049311.cidr_blocks.#": "1",
239
- "ingress.2165049311.cidr_blocks.0": "10.0.0.0/16",
240
- "ingress.2165049311.description": "",
241
- "ingress.2165049311.from_port": "80",
242
- "ingress.2165049311.ipv6_cidr_blocks.#": "0",
243
- "ingress.2165049311.protocol": "tcp",
244
- "ingress.2165049311.security_groups.#": "0",
245
- "ingress.2165049311.self": "false",
246
- "ingress.2165049311.to_port": "80",
247
- "ingress.2541437006.cidr_blocks.#": "1",
248
- "ingress.2541437006.cidr_blocks.0": "0.0.0.0/0",
249
- "ingress.2541437006.description": "",
250
- "ingress.2541437006.from_port": "22",
251
- "ingress.2541437006.ipv6_cidr_blocks.#": "0",
252
- "ingress.2541437006.protocol": "tcp",
253
- "ingress.2541437006.security_groups.#": "0",
254
- "ingress.2541437006.self": "false",
255
- "ingress.2541437006.to_port": "22",
256
- "name": "terraform_example",
257
- "owner_id": "496323866215",
258
- "revoke_rules_on_delete": "false",
259
- "tags.%": "0",
260
- "vpc_id": "vpc-14afcc73"
261
- },
262
- "meta": {
263
- "e2bfb730-ecaa-11e6-8f88-34363bc7c4c0": {
264
- "create": 600000000000,
265
- "delete": 600000000000
266
- },
267
- "schema_version": "1"
268
- },
269
- "tainted": false
270
- },
271
- "deposed": [],
272
- "provider": "provider.aws"
273
- },
274
- "aws_security_group.elb": {
275
- "type": "aws_security_group",
276
- "depends_on": [
277
- "aws_vpc.default"
278
- ],
279
- "primary": {
280
- "id": "sg-6bb84d13",
281
- "attributes": {
282
- "arn": "arn:aws:ec2:us-west-1:496323866215:security-group/sg-6bb84d13",
283
- "description": "Used in the terraform",
284
- "egress.#": "1",
285
- "egress.482069346.cidr_blocks.#": "1",
286
- "egress.482069346.cidr_blocks.0": "0.0.0.0/0",
287
- "egress.482069346.description": "",
288
- "egress.482069346.from_port": "0",
289
- "egress.482069346.ipv6_cidr_blocks.#": "0",
290
- "egress.482069346.prefix_list_ids.#": "0",
291
- "egress.482069346.protocol": "-1",
292
- "egress.482069346.security_groups.#": "0",
293
- "egress.482069346.self": "false",
294
- "egress.482069346.to_port": "0",
295
- "id": "sg-6bb84d13",
296
- "ingress.#": "1",
297
- "ingress.2214680975.cidr_blocks.#": "1",
298
- "ingress.2214680975.cidr_blocks.0": "0.0.0.0/0",
299
- "ingress.2214680975.description": "",
300
- "ingress.2214680975.from_port": "80",
301
- "ingress.2214680975.ipv6_cidr_blocks.#": "0",
302
- "ingress.2214680975.protocol": "tcp",
303
- "ingress.2214680975.security_groups.#": "0",
304
- "ingress.2214680975.self": "false",
305
- "ingress.2214680975.to_port": "80",
306
- "name": "terraform_example_elb",
307
- "owner_id": "496323866215",
308
- "revoke_rules_on_delete": "false",
309
- "tags.%": "0",
310
- "vpc_id": "vpc-14afcc73"
311
- },
312
- "meta": {
313
- "e2bfb730-ecaa-11e6-8f88-34363bc7c4c0": {
314
- "create": 600000000000,
315
- "delete": 600000000000
316
- },
317
- "schema_version": "1"
318
- },
319
- "tainted": false
320
- },
321
- "deposed": [],
322
- "provider": "provider.aws"
323
- },
324
- "aws_subnet.default": {
325
- "type": "aws_subnet",
326
- "depends_on": [
327
- "aws_vpc.default"
328
- ],
329
- "primary": {
330
- "id": "subnet-a4fdd0c3",
331
- "attributes": {
332
- "assign_ipv6_address_on_creation": "false",
333
- "availability_zone": "us-west-1a",
334
- "cidr_block": "10.0.1.0/24",
335
- "id": "subnet-a4fdd0c3",
336
- "map_public_ip_on_launch": "true",
337
- "tags.%": "0",
338
- "vpc_id": "vpc-14afcc73"
339
- },
340
- "meta": {
341
- "schema_version": "1"
342
- },
343
- "tainted": false
344
- },
345
- "deposed": [],
346
- "provider": "provider.aws"
347
- },
348
- "aws_vpc.default": {
349
- "type": "aws_vpc",
350
- "depends_on": [],
351
- "primary": {
352
- "id": "vpc-14afcc73",
353
- "attributes": {
354
- "assign_generated_ipv6_cidr_block": "false",
355
- "cidr_block": "10.0.0.0/16",
356
- "default_network_acl_id": "acl-a24575c5",
357
- "default_route_table_id": "rtb-25edfb42",
358
- "default_security_group_id": "sg-dcb94ca4",
359
- "dhcp_options_id": "dopt-d76783b2",
360
- "enable_classiclink": "false",
361
- "enable_classiclink_dns_support": "false",
362
- "enable_dns_hostnames": "false",
363
- "enable_dns_support": "true",
364
- "id": "vpc-14afcc73",
365
- "instance_tenancy": "default",
366
- "main_route_table_id": "rtb-25edfb42",
367
- "tags.%": "2",
368
- "tags.iggy_name_hong_kong": "hong-kong",
369
- "tags.iggy_url_hong_kong": "https://github.com/mattray/hong-kong-compliance"
370
- },
371
- "meta": {
372
- "schema_version": "1"
373
- },
374
- "tainted": false
375
- },
376
- "deposed": [],
377
- "provider": "provider.aws"
378
- }
379
- },
380
- "depends_on": []
381
- }
382
- ]
383
- }