inspec-iggy 0.2.0 → 0.4.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (23) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +8 -6
  3. data/README.md +91 -40
  4. data/inspec-iggy.gemspec +13 -13
  5. data/lib/inspec-iggy.rb +11 -2
  6. data/lib/inspec-iggy/cloudformation/cli_command.rb +92 -0
  7. data/lib/inspec-iggy/cloudformation/parser.rb +106 -0
  8. data/lib/inspec-iggy/inspec_helper.rb +62 -40
  9. data/lib/inspec-iggy/plugin.rb +43 -0
  10. data/lib/inspec-iggy/profile.rb +74 -0
  11. data/lib/inspec-iggy/terraform/cli_command.rb +94 -0
  12. data/lib/inspec-iggy/terraform/parser.rb +147 -0
  13. data/lib/inspec-iggy/version.rb +4 -4
  14. metadata +13 -16
  15. data/lib/inspec-iggy/cli.rb +0 -53
  16. data/lib/inspec-iggy/cloudformation.rb +0 -104
  17. data/lib/inspec-iggy/terraform.rb +0 -146
  18. data/test/bad.json +0 -6
  19. data/test/bjc-demo-aws-4.5.4.json +0 -851
  20. data/test/main.tf +0 -156
  21. data/test/outputs.tf +0 -11
  22. data/test/terraform.tfstate +0 -383
  23. data/test/variables.tf +0 -35
data/test/main.tf DELETED
@@ -1,156 +0,0 @@
1
- # Two-Tier example from https://github.com/terraform-providers/terraform-provider-aws
2
-
3
- # Specify the provider and access details
4
- provider "aws" {
5
- region = "${var.aws_region}"
6
- }
7
-
8
- # Create a VPC to launch our instances into
9
- resource "aws_vpc" "default" {
10
- cidr_block = "10.0.0.0/16"
11
-
12
- tags {
13
- iggy_name_hong_kong = "hong-kong",
14
- iggy_url_hong_kong = "https://github.com/mattray/hong-kong-compliance"
15
- }
16
- }
17
-
18
- # Create an internet gateway to give our subnet access to the outside world
19
- resource "aws_internet_gateway" "default" {
20
- vpc_id = "${aws_vpc.default.id}"
21
- }
22
-
23
- # Grant the VPC internet access on its main route table
24
- resource "aws_route" "internet_access" {
25
- route_table_id = "${aws_vpc.default.main_route_table_id}"
26
- destination_cidr_block = "0.0.0.0/0"
27
- gateway_id = "${aws_internet_gateway.default.id}"
28
- }
29
-
30
- # Create a subnet to launch our instances into
31
- resource "aws_subnet" "default" {
32
- vpc_id = "${aws_vpc.default.id}"
33
- cidr_block = "10.0.1.0/24"
34
- map_public_ip_on_launch = true
35
- }
36
-
37
- # A security group for the ELB so it is accessible via the web
38
- resource "aws_security_group" "elb" {
39
- name = "terraform_example_elb"
40
- description = "Used in the terraform"
41
- vpc_id = "${aws_vpc.default.id}"
42
-
43
- # HTTP access from anywhere
44
- ingress {
45
- from_port = 80
46
- to_port = 80
47
- protocol = "tcp"
48
- cidr_blocks = ["0.0.0.0/0"]
49
- }
50
-
51
- # outbound internet access
52
- egress {
53
- from_port = 0
54
- to_port = 0
55
- protocol = "-1"
56
- cidr_blocks = ["0.0.0.0/0"]
57
- }
58
- }
59
-
60
- # Our default security group to access
61
- # the instances over SSH and HTTP
62
- resource "aws_security_group" "default" {
63
- name = "terraform_example"
64
- description = "Used in the terraform"
65
- vpc_id = "${aws_vpc.default.id}"
66
-
67
- # SSH access from anywhere
68
- ingress {
69
- from_port = 22
70
- to_port = 22
71
- protocol = "tcp"
72
- cidr_blocks = ["0.0.0.0/0"]
73
- }
74
-
75
- # HTTP access from the VPC
76
- ingress {
77
- from_port = 80
78
- to_port = 80
79
- protocol = "tcp"
80
- cidr_blocks = ["10.0.0.0/16"]
81
- }
82
-
83
- # outbound internet access
84
- egress {
85
- from_port = 0
86
- to_port = 0
87
- protocol = "-1"
88
- cidr_blocks = ["0.0.0.0/0"]
89
- }
90
- }
91
-
92
- resource "aws_elb" "web" {
93
- name = "terraform-example-elb"
94
-
95
- subnets = ["${aws_subnet.default.id}"]
96
- security_groups = ["${aws_security_group.elb.id}"]
97
- instances = ["${aws_instance.web.id}"]
98
-
99
- listener {
100
- instance_port = 80
101
- instance_protocol = "http"
102
- lb_port = 80
103
- lb_protocol = "http"
104
- }
105
- }
106
-
107
- resource "aws_key_pair" "auth" {
108
- key_name = "${var.key_name}"
109
- public_key = "${file(var.public_key_path)}"
110
- }
111
-
112
- resource "aws_instance" "web" {
113
- # The connection block tells our provisioner how to
114
- # communicate with the resource (instance)
115
- connection {
116
- # The default username for our AMI
117
- user = "ubuntu"
118
-
119
- # The connection will use the local SSH agent for authentication.
120
- private_key = "${file(var.private_key_path)}"
121
- }
122
-
123
- instance_type = "t2.micro"
124
-
125
- # Lookup the correct AMI based on the region
126
- # we specified
127
- ami = "${lookup(var.aws_amis, var.aws_region)}"
128
-
129
- # The name of our SSH keypair we created above.
130
- key_name = "${aws_key_pair.auth.id}"
131
-
132
- # Our Security group to allow HTTP and SSH access
133
- vpc_security_group_ids = ["${aws_security_group.default.id}"]
134
-
135
- # We're going to launch into the same subnet as our ELB. In a production
136
- # environment it's more common to have a separate private subnet for
137
- # backend instances.
138
- subnet_id = "${aws_subnet.default.id}"
139
-
140
- # We run a remote provisioner on the instance after creating it.
141
- # In this case, we just install nginx and start it. By default,
142
- # this should be on port 80
143
- provisioner "remote-exec" {
144
- inline = [
145
- "sudo apt-get -y update",
146
- "sudo apt-get -y install apache2",
147
- ]
148
- }
149
-
150
- tags {
151
- iggy_name_apache_baseline = "apache-baseline",
152
- iggy_url_apache_baseline = "https://github.com/dev-sec/apache-baseline",
153
- iggy_name_linux_baseline = "linux-baseline",
154
- iggy_url_linux_baseline = "https://github.com/dev-sec/linux-baseline"
155
- }
156
- }
data/test/outputs.tf DELETED
@@ -1,11 +0,0 @@
1
- output "address" {
2
- value = "${aws_elb.web.dns_name}"
3
- }
4
-
5
- output "instance_id" {
6
- value = "${aws_instance.web.id}"
7
- }
8
-
9
- output "vpc_id" {
10
- value = "${aws_vpc.default.id}"
11
- }
data/test/terraform.tfstate DELETED
@@ -1,383 +0,0 @@
1
- {
2
- "version": 3,
3
- "terraform_version": "0.11.7",
4
- "serial": 18,
5
- "lineage": "f548a694-6da4-0837-7a60-da3c20acfc6f",
6
- "modules": [
7
- {
8
- "path": [
9
- "root"
10
- ],
11
- "outputs": {
12
- "address": {
13
- "sensitive": false,
14
- "type": "string",
15
- "value": "terraform-example-elb-1850336543.us-west-1.elb.amazonaws.com"
16
- },
17
- "instance_id": {
18
- "sensitive": false,
19
- "type": "string",
20
- "value": "i-0775ff99e9bce8ecd"
21
- },
22
- "vpc_id": {
23
- "sensitive": false,
24
- "type": "string",
25
- "value": "vpc-14afcc73"
26
- }
27
- },
28
- "resources": {
29
- "aws_elb.web": {
30
- "type": "aws_elb",
31
- "depends_on": [
32
- "aws_instance.web",
33
- "aws_security_group.elb",
34
- "aws_subnet.default"
35
- ],
36
- "primary": {
37
- "id": "terraform-example-elb",
38
- "attributes": {
39
- "access_logs.#": "0",
40
- "arn": "arn:aws:elasticloadbalancing:us-west-1:496323866215:loadbalancer/terraform-example-elb",
41
- "availability_zones.#": "1",
42
- "availability_zones.3205754986": "us-west-1a",
43
- "connection_draining": "false",
44
- "connection_draining_timeout": "300",
45
- "cross_zone_load_balancing": "true",
46
- "dns_name": "terraform-example-elb-1850336543.us-west-1.elb.amazonaws.com",
47
- "health_check.#": "1",
48
- "health_check.0.healthy_threshold": "10",
49
- "health_check.0.interval": "30",
50
- "health_check.0.target": "TCP:80",
51
- "health_check.0.timeout": "5",
52
- "health_check.0.unhealthy_threshold": "2",
53
- "id": "terraform-example-elb",
54
- "idle_timeout": "60",
55
- "instances.#": "1",
56
- "instances.305343310": "i-0775ff99e9bce8ecd",
57
- "internal": "false",
58
- "listener.#": "1",
59
- "listener.3057123346.instance_port": "80",
60
- "listener.3057123346.instance_protocol": "http",
61
- "listener.3057123346.lb_port": "80",
62
- "listener.3057123346.lb_protocol": "http",
63
- "listener.3057123346.ssl_certificate_id": "",
64
- "name": "terraform-example-elb",
65
- "security_groups.#": "1",
66
- "security_groups.2386481005": "sg-6bb84d13",
67
- "source_security_group": "496323866215/terraform_example_elb",
68
- "source_security_group_id": "sg-6bb84d13",
69
- "subnets.#": "1",
70
- "subnets.1060111469": "subnet-a4fdd0c3",
71
- "tags.%": "0",
72
- "zone_id": "Z368ELLRRE2KJ0"
73
- },
74
- "meta": {},
75
- "tainted": false
76
- },
77
- "deposed": [],
78
- "provider": "provider.aws"
79
- },
80
- "aws_instance.web": {
81
- "type": "aws_instance",
82
- "depends_on": [
83
- "aws_key_pair.auth",
84
- "aws_security_group.default",
85
- "aws_subnet.default"
86
- ],
87
- "primary": {
88
- "id": "i-0775ff99e9bce8ecd",
89
- "attributes": {
90
- "ami": "ami-969ab1f6",
91
- "associate_public_ip_address": "true",
92
- "availability_zone": "us-west-1a",
93
- "disable_api_termination": "false",
94
- "ebs_block_device.#": "0",
95
- "ebs_optimized": "false",
96
- "ephemeral_block_device.#": "0",
97
- "get_password_data": "false",
98
- "iam_instance_profile": "",
99
- "id": "i-0775ff99e9bce8ecd",
100
- "instance_state": "running",
101
- "instance_type": "t2.micro",
102
- "ipv6_addresses.#": "0",
103
- "key_name": "mattray-tf",
104
- "monitoring": "false",
105
- "network_interface.#": "0",
106
- "network_interface_id": "eni-f08650d1",
107
- "password_data": "",
108
- "placement_group": "",
109
- "primary_network_interface_id": "eni-f08650d1",
110
- "private_dns": "ip-10-0-1-41.us-west-1.compute.internal",
111
- "private_ip": "10.0.1.41",
112
- "public_dns": "",
113
- "public_ip": "52.53.176.82",
114
- "root_block_device.#": "1",
115
- "root_block_device.0.delete_on_termination": "true",
116
- "root_block_device.0.iops": "100",
117
- "root_block_device.0.volume_id": "vol-0981b2759ecc72cc3",
118
- "root_block_device.0.volume_size": "8",
119
- "root_block_device.0.volume_type": "gp2",
120
- "security_groups.#": "0",
121
- "source_dest_check": "true",
122
- "subnet_id": "subnet-a4fdd0c3",
123
- "tags.%": "4",
124
- "tags.iggy_name_apache_baseline": "apache-baseline",
125
- "tags.iggy_name_linux_baseline": "linux-baseline",
126
- "tags.iggy_url_apache_baseline": "https://github.com/dev-sec/apache-baseline",
127
- "tags.iggy_url_linux_baseline": "https://github.com/dev-sec/linux-baseline",
128
- "tenancy": "default",
129
- "volume_tags.%": "0",
130
- "vpc_security_group_ids.#": "1",
131
- "vpc_security_group_ids.2962246997": "sg-4dbe4b35"
132
- },
133
- "meta": {
134
- "e2bfb730-ecaa-11e6-8f88-34363bc7c4c0": {
135
- "create": 600000000000,
136
- "delete": 1200000000000,
137
- "update": 600000000000
138
- },
139
- "schema_version": "1"
140
- },
141
- "tainted": false
142
- },
143
- "deposed": [],
144
- "provider": "provider.aws"
145
- },
146
- "aws_internet_gateway.default": {
147
- "type": "aws_internet_gateway",
148
- "depends_on": [
149
- "aws_vpc.default"
150
- ],
151
- "primary": {
152
- "id": "igw-e1b3f585",
153
- "attributes": {
154
- "id": "igw-e1b3f585",
155
- "vpc_id": "vpc-14afcc73"
156
- },
157
- "meta": {},
158
- "tainted": false
159
- },
160
- "deposed": [],
161
- "provider": "provider.aws"
162
- },
163
- "aws_key_pair.auth": {
164
- "type": "aws_key_pair",
165
- "depends_on": [],
166
- "primary": {
167
- "id": "mattray-tf",
168
- "attributes": {
169
- "id": "mattray-tf",
170
- "key_name": "mattray-tf",
171
- "public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDd7qpXEoZA7BCeu/Wx0bymKkGgTydKvXBEo0gReaUqKTH9rxS3GdWUJ2rk2EoQ0XBfnonFN7OjSjJQP2eVFewVinA5FpdT/doUDBlM9Za+rjXXor/9b2u6SoGWPAgWRwXGRH/RfsuxgtYEaLA3LAPdh2zL7rGCnQ/yGoVlFqAT8MlyOi/rAHNmOGZi/1BNXYGwwvOQeJ0nA7owf4VPP/h+fzezd4DyOMHf3+vqHOxc3QVfbbvOvMQnnPX/dw89Lf2W4nvG070xSGG/LxuXsm1yPSKKfiq/sZcchQBC3a+PKhYN44HjzZ0Ryd+22t4iu/u81qmDSzjGeJDvAd9xhg0J mray@farnsworth.local"
172
- },
173
- "meta": {
174
- "schema_version": "1"
175
- },
176
- "tainted": false
177
- },
178
- "deposed": [],
179
- "provider": "provider.aws"
180
- },
181
- "aws_route.internet_access": {
182
- "type": "aws_route",
183
- "depends_on": [
184
- "aws_internet_gateway.default",
185
- "aws_vpc.default"
186
- ],
187
- "primary": {
188
- "id": "r-rtb-25edfb421080289494",
189
- "attributes": {
190
- "destination_cidr_block": "0.0.0.0/0",
191
- "destination_prefix_list_id": "",
192
- "egress_only_gateway_id": "",
193
- "gateway_id": "igw-e1b3f585",
194
- "id": "r-rtb-25edfb421080289494",
195
- "instance_id": "",
196
- "instance_owner_id": "",
197
- "nat_gateway_id": "",
198
- "network_interface_id": "",
199
- "origin": "CreateRoute",
200
- "route_table_id": "rtb-25edfb42",
201
- "state": "active",
202
- "vpc_peering_connection_id": ""
203
- },
204
- "meta": {
205
- "e2bfb730-ecaa-11e6-8f88-34363bc7c4c0": {
206
- "create": 120000000000,
207
- "delete": 300000000000
208
- }
209
- },
210
- "tainted": false
211
- },
212
- "deposed": [],
213
- "provider": "provider.aws"
214
- },
215
- "aws_security_group.default": {
216
- "type": "aws_security_group",
217
- "depends_on": [
218
- "aws_vpc.default"
219
- ],
220
- "primary": {
221
- "id": "sg-4dbe4b35",
222
- "attributes": {
223
- "arn": "arn:aws:ec2:us-west-1:496323866215:security-group/sg-4dbe4b35",
224
- "description": "Used in the terraform",
225
- "egress.#": "1",
226
- "egress.482069346.cidr_blocks.#": "1",
227
- "egress.482069346.cidr_blocks.0": "0.0.0.0/0",
228
- "egress.482069346.description": "",
229
- "egress.482069346.from_port": "0",
230
- "egress.482069346.ipv6_cidr_blocks.#": "0",
231
- "egress.482069346.prefix_list_ids.#": "0",
232
- "egress.482069346.protocol": "-1",
233
- "egress.482069346.security_groups.#": "0",
234
- "egress.482069346.self": "false",
235
- "egress.482069346.to_port": "0",
236
- "id": "sg-4dbe4b35",
237
- "ingress.#": "2",
238
- "ingress.2165049311.cidr_blocks.#": "1",
239
- "ingress.2165049311.cidr_blocks.0": "10.0.0.0/16",
240
- "ingress.2165049311.description": "",
241
- "ingress.2165049311.from_port": "80",
242
- "ingress.2165049311.ipv6_cidr_blocks.#": "0",
243
- "ingress.2165049311.protocol": "tcp",
244
- "ingress.2165049311.security_groups.#": "0",
245
- "ingress.2165049311.self": "false",
246
- "ingress.2165049311.to_port": "80",
247
- "ingress.2541437006.cidr_blocks.#": "1",
248
- "ingress.2541437006.cidr_blocks.0": "0.0.0.0/0",
249
- "ingress.2541437006.description": "",
250
- "ingress.2541437006.from_port": "22",
251
- "ingress.2541437006.ipv6_cidr_blocks.#": "0",
252
- "ingress.2541437006.protocol": "tcp",
253
- "ingress.2541437006.security_groups.#": "0",
254
- "ingress.2541437006.self": "false",
255
- "ingress.2541437006.to_port": "22",
256
- "name": "terraform_example",
257
- "owner_id": "496323866215",
258
- "revoke_rules_on_delete": "false",
259
- "tags.%": "0",
260
- "vpc_id": "vpc-14afcc73"
261
- },
262
- "meta": {
263
- "e2bfb730-ecaa-11e6-8f88-34363bc7c4c0": {
264
- "create": 600000000000,
265
- "delete": 600000000000
266
- },
267
- "schema_version": "1"
268
- },
269
- "tainted": false
270
- },
271
- "deposed": [],
272
- "provider": "provider.aws"
273
- },
274
- "aws_security_group.elb": {
275
- "type": "aws_security_group",
276
- "depends_on": [
277
- "aws_vpc.default"
278
- ],
279
- "primary": {
280
- "id": "sg-6bb84d13",
281
- "attributes": {
282
- "arn": "arn:aws:ec2:us-west-1:496323866215:security-group/sg-6bb84d13",
283
- "description": "Used in the terraform",
284
- "egress.#": "1",
285
- "egress.482069346.cidr_blocks.#": "1",
286
- "egress.482069346.cidr_blocks.0": "0.0.0.0/0",
287
- "egress.482069346.description": "",
288
- "egress.482069346.from_port": "0",
289
- "egress.482069346.ipv6_cidr_blocks.#": "0",
290
- "egress.482069346.prefix_list_ids.#": "0",
291
- "egress.482069346.protocol": "-1",
292
- "egress.482069346.security_groups.#": "0",
293
- "egress.482069346.self": "false",
294
- "egress.482069346.to_port": "0",
295
- "id": "sg-6bb84d13",
296
- "ingress.#": "1",
297
- "ingress.2214680975.cidr_blocks.#": "1",
298
- "ingress.2214680975.cidr_blocks.0": "0.0.0.0/0",
299
- "ingress.2214680975.description": "",
300
- "ingress.2214680975.from_port": "80",
301
- "ingress.2214680975.ipv6_cidr_blocks.#": "0",
302
- "ingress.2214680975.protocol": "tcp",
303
- "ingress.2214680975.security_groups.#": "0",
304
- "ingress.2214680975.self": "false",
305
- "ingress.2214680975.to_port": "80",
306
- "name": "terraform_example_elb",
307
- "owner_id": "496323866215",
308
- "revoke_rules_on_delete": "false",
309
- "tags.%": "0",
310
- "vpc_id": "vpc-14afcc73"
311
- },
312
- "meta": {
313
- "e2bfb730-ecaa-11e6-8f88-34363bc7c4c0": {
314
- "create": 600000000000,
315
- "delete": 600000000000
316
- },
317
- "schema_version": "1"
318
- },
319
- "tainted": false
320
- },
321
- "deposed": [],
322
- "provider": "provider.aws"
323
- },
324
- "aws_subnet.default": {
325
- "type": "aws_subnet",
326
- "depends_on": [
327
- "aws_vpc.default"
328
- ],
329
- "primary": {
330
- "id": "subnet-a4fdd0c3",
331
- "attributes": {
332
- "assign_ipv6_address_on_creation": "false",
333
- "availability_zone": "us-west-1a",
334
- "cidr_block": "10.0.1.0/24",
335
- "id": "subnet-a4fdd0c3",
336
- "map_public_ip_on_launch": "true",
337
- "tags.%": "0",
338
- "vpc_id": "vpc-14afcc73"
339
- },
340
- "meta": {
341
- "schema_version": "1"
342
- },
343
- "tainted": false
344
- },
345
- "deposed": [],
346
- "provider": "provider.aws"
347
- },
348
- "aws_vpc.default": {
349
- "type": "aws_vpc",
350
- "depends_on": [],
351
- "primary": {
352
- "id": "vpc-14afcc73",
353
- "attributes": {
354
- "assign_generated_ipv6_cidr_block": "false",
355
- "cidr_block": "10.0.0.0/16",
356
- "default_network_acl_id": "acl-a24575c5",
357
- "default_route_table_id": "rtb-25edfb42",
358
- "default_security_group_id": "sg-dcb94ca4",
359
- "dhcp_options_id": "dopt-d76783b2",
360
- "enable_classiclink": "false",
361
- "enable_classiclink_dns_support": "false",
362
- "enable_dns_hostnames": "false",
363
- "enable_dns_support": "true",
364
- "id": "vpc-14afcc73",
365
- "instance_tenancy": "default",
366
- "main_route_table_id": "rtb-25edfb42",
367
- "tags.%": "2",
368
- "tags.iggy_name_hong_kong": "hong-kong",
369
- "tags.iggy_url_hong_kong": "https://github.com/mattray/hong-kong-compliance"
370
- },
371
- "meta": {
372
- "schema_version": "1"
373
- },
374
- "tainted": false
375
- },
376
- "deposed": [],
377
- "provider": "provider.aws"
378
- }
379
- },
380
- "depends_on": []
381
- }
382
- ]
383
- }