inspec-iggy 0.6.0 → 0.7.0

@@ -1,40 +1,57 @@
1
1
  # helpers for working with InSpec-AWS profiles
2
2
 
3
- require 'yaml'
3
+ require "yaml"
4
4
 
5
5
  module InspecPlugins::Iggy::Platforms
6
6
  class AwsHelper
7
- # find the additional parameters
7
+ # find the additional parameters for the 'describe'.
8
+ # NOTE: the first entry is going to map to the 'id' from the .tfstate file
8
9
  AWS_RESOURCE_QUALIFIERS = {
10
+ "aws_ec2_instance" => %i{instance_id},
11
+ "aws_elb" => %i{load_balancer_name},
12
+ "aws_security_group" => %i{group_id vpc_id},
13
+ "aws_subnet" => %i{subnet_id},
14
+ "aws_vpc" => %i{vpc_id},
9
15
  }.freeze
10
16
 
11
17
  # the iterators for the various resource types
12
18
  AWS_RESOURCE_ITERATORS = {
19
+ "aws_ec2_instance" => { "iterator" => "aws_ec2_instances", "index" => "instance_ids", "qualifiers" => [:vpc_id] },
20
+ "aws_elb" => { "iterator" => "aws_elbs", "index" => "load_balancer_names", "qualifiers" => [:vpc_id] },
21
+ "aws_security_group" => { "iterator" => "aws_security_groups", "index" => "group_ids", "qualifiers" => [:vpc_id] },
22
+ "aws_subnet" => { "iterator" => "aws_subnets", "index" => "subnet_ids", "qualifiers" => [:vpc_id] },
23
+ "aws_vpc" => { "iterator" => "aws_vpcs", "index" => "vpc_ids" },
13
24
  }.freeze
14
25
 
15
26
  AWS_REMOVED_PROPERTIES = {
27
+ "aws_elb" => %i{health_check security_groups}, # not sure how to test this yet
28
+ "aws_ec2_instance" => %i{security_groups}, # not sure how to test this yet
29
+ }.freeze
30
+
31
+ AWS_TRANSLATED_RESOURCE_PROPERTIES = {
32
+ "aws_elb" => { "name" => "load_balancer_name" },
33
+ "aws_security_group" => { "name" => "group_name" },
16
34
  }.freeze
17
35
 
18
36
  # Terraform boilerplate controls/controls.rb content
19
37
  def self.tf_controls
20
- "\n\naws_vpc_id = attribute('aws_vpc_id', default: '', description: 'Optional AWS VPC identifier.')\n\n"
38
+ "\n"
21
39
  end
22
40
 
23
41
  # readme content
24
- def self.readme
25
- end
42
+ def self.readme; end
26
43
 
27
44
  # inspec.yml boilerplate content from
28
45
  # inspec/lib/plugins/inspec-init/templates/profiles/aws/inspec.yml
29
46
  def self.inspec_yml
30
47
  yml = {}
31
- yml['inspec_version'] = '~> 4'
32
- yml['depends'] = [{
33
- 'name' => 'inspec-aws',
34
- 'url' => 'https://github.com/inspec/inspec-aws/archive/master.tar.gz'
48
+ yml["inspec_version"] = "~> 4"
49
+ yml["depends"] = [{
50
+ "name" => "inspec-aws",
51
+ "url" => "https://github.com/inspec/inspec-aws/archive/master.tar.gz",
35
52
  }]
36
- yml['supports'] = [{
37
- 'platform' => 'aws'
53
+ yml["supports"] = [{
54
+ "platform" => "aws",
38
55
  }]
39
56
  yml
40
57
  end
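Review bot: The `depends` entry written by `inspec_yml` still points at `https://github.com/inspec/inspec-aws/archive/master.tar.gz`, a tarball of a moving branch, so nothing in the generated inspec.yml ties the profile to content that was reviewed or tested. Pinning to a release tag or commit makes generated profiles reproducible and narrows the supply-chain exposure, for example `"url" => "https://github.com/inspec/inspec-aws/archive/<RELEASE_TAG>.tar.gz",` (placeholder; set it to the release this version was tested against). The same unpinned `master.tar.gz` URL appears in the Azure and GCP helpers' `inspec_yml` in this diff.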
@@ -1,6 +1,6 @@
1
1
  # helpers for working with InSpec-Azure profiles
2
2
 
3
- require 'yaml'
3
+ require "yaml"
4
4
 
5
5
  module InspecPlugins::Iggy::Platforms
6
6
  class AzureHelper
@@ -15,6 +15,9 @@ module InspecPlugins::Iggy::Platforms
15
15
  AZURE_REMOVED_PROPERTIES = {
16
16
  }.freeze
17
17
 
18
+ AZURE_TRANSLATED_RESOURCE_PROPERTIES = {
19
+ }.freeze
20
+
18
21
  # readme content
19
22
  def self.readme
20
23
  "\n"
@@ -24,13 +27,13 @@ module InspecPlugins::Iggy::Platforms
24
27
  # inspec/lib/plugins/inspec-init/templates/profiles/azure/inspec.yml
25
28
  def self.inspec_yml
26
29
  yml = {}
27
- yml['inspec_version'] = '>= 2.2.7'
28
- yml['depends'] = [{
29
- 'name' => 'inspec-azure',
30
- 'url' => 'https://github.com/inspec/inspec-azure/archive/master.tar.gz'
30
+ yml["inspec_version"] = ">= 2.2.7"
31
+ yml["depends"] = [{
32
+ "name" => "inspec-azure",
33
+ "url" => "https://github.com/inspec/inspec-azure/archive/master.tar.gz",
31
34
  }]
32
- yml['supports'] = [{
33
- 'platform' => 'azure'
35
+ yml["supports"] = [{
36
+ "platform" => "azure",
34
37
  }]
35
38
  yml
36
39
  end
@@ -1,87 +1,87 @@
1
1
  # helpers for working with InSpec-GCP profiles
2
2
 
3
- require 'yaml'
3
+ require "yaml"
4
4
 
5
5
  module InspecPlugins::Iggy::Platforms
6
6
  class GcpHelper
7
7
  # find the additional parameters for the 'describe'
8
8
  GCP_RESOURCE_QUALIFIERS = {
9
- 'google_bigquery_dataset' => [:project, :name],
10
- 'google_bigquery_table' => [:project, :dataset, :name],
11
- 'google_cloudfunctions_cloud_function' => [:project, :location, :name],
12
- 'google_compute_address' => [:project, :location, :name],
13
- 'google_compute_autoscaler' => [:project, :zone, :name],
14
- 'google_compute_backend_bucket' => [:project, :name],
15
- 'google_compute_backend_service' => [:project, :name],
16
- 'google_compute_disk' => [:project, :name, :zone],
17
- 'google_compute_firewall' => [:project, :name],
18
- 'google_compute_forwarding_rule' => [:project, :region, :name],
19
- 'google_compute_global_address' => [:project, :name],
20
- 'google_compute_global_forwarding_rule' => [:project, :name],
21
- 'google_compute_health_check' => [:project, :name],
22
- 'google_compute_http_health_check' => [:project, :name],
23
- 'google_compute_https_health_check' => [:project, :name],
24
- 'google_compute_image' => [:project, :name],
25
- 'google_compute_instance' => [:project, :zone, :name],
26
- 'google_compute_instance_group' => [:project, :zone, :name],
27
- 'google_compute_instance_group_manager' => [:project, :zone, :name],
28
- 'google_compute_instance_template' => [:project, :name],
29
- 'google_compute_network' => [:project, :name],
30
- 'google_compute_project_info' => [:project],
31
- 'google_compute_region' => [:project, :name],
32
- 'google_compute_region_backend_service' => [:project, :region, :name],
33
- 'google_compute_region_instance_group_manager' => [:project, :region, :name],
34
- 'google_compute_route' => [:project, :name],
35
- 'google_compute_router' => [:project, :region, :name],
36
- 'google_compute_snapshot' => [:project, :name],
37
- 'google_compute_ssl_certificate' => [:project, :name],
38
- 'google_compute_ssl_policy' => [:project, :name],
39
- 'google_compute_subnetwork' => [:project, :region, :name],
40
- 'google_compute_subnetwork_iam_policy' => [:project, :region, :name],
41
- 'google_compute_target_http_proxy' => [:project, :name],
42
- 'google_compute_target_https_proxy' => [:project, :name],
43
- 'google_compute_target_pool' => [:project, :region, :name],
44
- 'google_compute_target_tcp_proxy' => [:project, :name],
45
- 'google_compute_url_map' => [:project, :name],
46
- 'google_compute_vpn_tunnel' => [:project, :region, :name],
47
- 'google_compute_zone' => [:project, :zone],
48
- 'google_container_cluster' => [:project, :zone, :name],
49
- 'google_container_node_pool' => [:project, :zone, :cluster_name, :nodepool_name],
50
- 'google_container_regional_cluster' => [:project, :location, :name],
51
- 'google_container_regional_node_pool' => [:project, :location, :cluster, :name],
52
- 'google_dns_managed_zone' => [:project, :zone],
53
- 'google_dns_resource_record_set' => [:project, :name, :type, :managed_zone],
54
- 'google_kms_crypto_key' => [:project, :location, :key_ring_name, :name],
55
- 'google_kms_crypto_key_iam_binding' => [:crypto_key_url, :role],
56
- 'google_kms_key_ring' => [:project, :location, :name],
57
- 'google_kms_key_ring_iam_binding' => [:key_ring_url, :role],
58
- 'google_logging_project_exclusion' => [:project, :exclusion],
59
- 'google_logging_project_sink' => [:project, :sink],
60
- 'google_organization' => [:display_name],
61
- 'google_organization_policy' => [:name, :constraints],
62
- 'google_project' => [:project],
63
- 'google_project_alert_policy' => [:policy],
64
- 'google_project_alert_policy_condition' => [:name, :filter],
65
- 'google_project_iam_binding' => [:project, :role],
66
- 'google_project_iam_custom_role' => [:project, :name],
67
- 'google_project_logging_audit_config' => [:project],
68
- 'google_project_metric' => [:project, :metric],
69
- 'google_pubsub_subscription' => [:project, :name],
70
- 'google_pubsub_subscription_iam_policy' => [:project, :name],
71
- 'google_pubsub_topic' => [:project, :name],
72
- 'google_pubsub_topic_iam_policy' => [:project, :name],
73
- 'google_resourcemanager_organization_policy' => [:organization_name, :constraint],
74
- 'google_service_account' => [:name],
75
- 'google_service_account_key' => [:name],
76
- 'google_sourcerepo_repository' => [:project, :name],
77
- 'google_sql_database_instance' => [:project, :database],
78
- 'google_storage_bucket' => [:name],
79
- 'google_storage_bucket_acl' => [:bucket, :entity],
80
- 'google_storage_bucket_iam_binding' => [:bucket, :role],
81
- 'google_storage_bucket_object' => [:bucket, :object],
82
- 'google_storage_default_object_acl' => [:bucket, :entity],
83
- 'google_storage_object_acl' => [:bucket, :object, :entity],
84
- 'google_user' => [:user_key]
9
+ "google_bigquery_dataset" => %i{project name},
10
+ "google_bigquery_table" => %i{project dataset name},
11
+ "google_cloudfunctions_cloud_function" => %i{project location name},
12
+ "google_compute_address" => %i{project location name},
13
+ "google_compute_autoscaler" => %i{project zone name},
14
+ "google_compute_backend_bucket" => %i{project name},
15
+ "google_compute_backend_service" => %i{project name},
16
+ "google_compute_disk" => %i{project name zone},
17
+ "google_compute_firewall" => %i{project name},
18
+ "google_compute_forwarding_rule" => %i{project region name},
19
+ "google_compute_global_address" => %i{project name},
20
+ "google_compute_global_forwarding_rule" => %i{project name},
21
+ "google_compute_health_check" => %i{project name},
22
+ "google_compute_http_health_check" => %i{project name},
23
+ "google_compute_https_health_check" => %i{project name},
24
+ "google_compute_image" => %i{project name},
25
+ "google_compute_instance" => %i{project zone name},
26
+ "google_compute_instance_group" => %i{project zone name},
27
+ "google_compute_instance_group_manager" => %i{project zone name},
28
+ "google_compute_instance_template" => %i{project name},
29
+ "google_compute_network" => %i{project name},
30
+ "google_compute_project_info" => [:project],
31
+ "google_compute_region" => %i{project name},
32
+ "google_compute_region_backend_service" => %i{project region name},
33
+ "google_compute_region_instance_group_manager" => %i{project region name},
34
+ "google_compute_route" => %i{project name},
35
+ "google_compute_router" => %i{project region name},
36
+ "google_compute_snapshot" => %i{project name},
37
+ "google_compute_ssl_certificate" => %i{project name},
38
+ "google_compute_ssl_policy" => %i{project name},
39
+ "google_compute_subnetwork" => %i{project region name},
40
+ "google_compute_subnetwork_iam_policy" => %i{project region name},
41
+ "google_compute_target_http_proxy" => %i{project name},
42
+ "google_compute_target_https_proxy" => %i{project name},
43
+ "google_compute_target_pool" => %i{project region name},
44
+ "google_compute_target_tcp_proxy" => %i{project name},
45
+ "google_compute_url_map" => %i{project name},
46
+ "google_compute_vpn_tunnel" => %i{project region name},
47
+ "google_compute_zone" => %i{project zone},
48
+ "google_container_cluster" => %i{project zone name},
49
+ "google_container_node_pool" => %i{project zone cluster_name nodepool_name},
50
+ "google_container_regional_cluster" => %i{project location name},
51
+ "google_container_regional_node_pool" => %i{project location cluster name},
52
+ "google_dns_managed_zone" => %i{project zone},
53
+ "google_dns_resource_record_set" => %i{project name type managed_zone},
54
+ "google_kms_crypto_key" => %i{project location key_ring_name name},
55
+ "google_kms_crypto_key_iam_binding" => %i{crypto_key_url role},
56
+ "google_kms_key_ring" => %i{project location name},
57
+ "google_kms_key_ring_iam_binding" => %i{key_ring_url role},
58
+ "google_logging_project_exclusion" => %i{project exclusion},
59
+ "google_logging_project_sink" => %i{project sink},
60
+ "google_organization" => [:display_name],
61
+ "google_organization_policy" => %i{name constraints},
62
+ "google_project" => [:project],
63
+ "google_project_alert_policy" => [:policy],
64
+ "google_project_alert_policy_condition" => %i{name filter},
65
+ "google_project_iam_binding" => %i{project role},
66
+ "google_project_iam_custom_role" => %i{project name},
67
+ "google_project_logging_audit_config" => [:project],
68
+ "google_project_metric" => %i{project metric},
69
+ "google_pubsub_subscription" => %i{project name},
70
+ "google_pubsub_subscription_iam_policy" => %i{project name},
71
+ "google_pubsub_topic" => %i{project name},
72
+ "google_pubsub_topic_iam_policy" => %i{project name},
73
+ "google_resourcemanager_organization_policy" => %i{organization_name constraint},
74
+ "google_service_account" => [:name],
75
+ "google_service_account_key" => [:name],
76
+ "google_sourcerepo_repository" => %i{project name},
77
+ "google_sql_database_instance" => %i{project database},
78
+ "google_storage_bucket" => [:name],
79
+ "google_storage_bucket_acl" => %i{bucket entity},
80
+ "google_storage_bucket_iam_binding" => %i{bucket role},
81
+ "google_storage_bucket_object" => %i{bucket object},
82
+ "google_storage_default_object_acl" => %i{bucket entity},
83
+ "google_storage_object_acl" => %i{bucket object entity},
84
+ "google_user" => [:user_key],
85
85
  }.freeze
86
86
 
87
87
  # the iterators for the various resource types
@@ -99,68 +99,69 @@ module InspecPlugins::Iggy::Platforms
99
99
  # 'google_organization' => { 'iterator' => 'google_organizations', 'index' => 'names', 'qualifiers' => [] }, # organizations are not managed by Terraform
100
100
  # 'google_project' => { 'iterator' => 'google_projects', 'index' => 'project_names', 'qualifiers' => [] }, # projects are not managed by Terraform
101
101
  # 'google_project_iam_binding' => { 'iterator' => 'google_project_iam_bindings', 'index' => 'iam_binding_roles', 'qualifiers' => [:project] },
102
- 'google_bigquery_dataset' => { 'iterator' => 'google_bigquery_datasets', 'index' => 'names', 'qualifiers' => [:project] },
103
- 'google_bigquery_table' => { 'iterator' => 'google_bigquery_tables', 'index' => 'table_references', 'qualifiers' => [:project, :dataset] },
104
- 'google_cloudbuild_trigger' => { 'iterator' => 'google_cloudbuild_triggers', 'index' => 'names', 'qualifiers' => [:project] },
105
- 'google_cloudfunctions_cloud_function' => { 'iterator' => 'google_cloudfunctions_cloud_functions', 'index' => 'names', 'qualifiers' => [:project, :location] },
106
- 'google_compute_autoscaler' => { 'iterator' => 'google_compute_autoscalers', 'index' => 'names', 'qualifiers' => [:project, :zone] },
107
- 'google_compute_backend_bucket' => { 'iterator' => 'google_compute_backend_buckets', 'index' => 'names', 'qualifiers' => [:project] },
108
- 'google_compute_backend_service' => { 'iterator' => 'google_compute_backend_services', 'index' => 'names', 'qualifiers' => [:project] },
109
- 'google_compute_firewall' => { 'iterator' => 'google_compute_firewalls', 'index' => 'firewall_names', 'qualifiers' => [:project] },
110
- 'google_compute_forwarding_rule' => { 'iterator' => 'google_compute_forwarding_rules', 'index' => 'forwarding_rule_names', 'qualifiers' => [:project, :region] },
111
- 'google_compute_health_check' => { 'iterator' => 'google_compute_health_checks', 'index' => 'names', 'qualifiers' => [:project] },
112
- 'google_compute_http_health_check' => { 'iterator' => 'google_compute_http_health_checks', 'index' => 'names', 'qualifiers' => [:project] },
113
- 'google_compute_https_health_check' => { 'iterator' => 'google_compute_https_health_checks', 'index' => 'names', 'qualifiers' => [:project] },
114
- 'google_compute_instance' => { 'iterator' => 'google_compute_instances', 'index' => 'instance_names', 'qualifiers' => [:project, :zone] },
115
- 'google_compute_instance_group' => { 'iterator' => 'google_compute_instance_groups', 'index' => 'instance_group_names', 'qualifiers' => [:project, :zone] },
116
- 'google_compute_instance_group_manager' => { 'iterator' => 'google_compute_instance_group_managers', 'index' => 'base_instance_names', 'qualifiers' => [:project, :zone] },
117
- 'google_compute_instance_template' => { 'iterator' => 'google_compute_instance_templates', 'index' => 'names', 'qualifiers' => [:project] },
118
- 'google_compute_router' => { 'iterator' => 'google_compute_routers', 'index' => 'names', 'qualifiers' => [:project, :region] },
119
- 'google_compute_snapshot' => { 'iterator' => 'google_compute_snapshots', 'index' => 'names', 'qualifiers' => [:project] },
120
- 'google_compute_ssl_certificate' => { 'iterator' => 'google_compute_ssl_certificates', 'index' => 'names', 'qualifiers' => [:project] },
121
- 'google_compute_ssl_policy' => { 'iterator' => 'google_compute_ssl_policies', 'index' => 'names', 'qualifiers' => [:project] },
122
- 'google_compute_target_http_proxy' => { 'iterator' => 'google_compute_target_http_proxies', 'index' => 'names', 'qualifiers' => [:project] },
123
- 'google_compute_target_https_proxy' => { 'iterator' => 'google_compute_target_https_proxies', 'index' => 'names', 'qualifiers' => [:project] },
124
- 'google_compute_target_pool' => { 'iterator' => 'google_compute_target_pools', 'index' => 'names', 'qualifiers' => [:project, :region] },
125
- 'google_compute_target_tcp_proxy' => { 'iterator' => 'google_compute_target_tcp_proxies', 'index' => 'names', 'qualifiers' => [:project] },
126
- 'google_compute_url_map' => { 'iterator' => 'google_compute_url_maps', 'index' => 'names', 'qualifiers' => [:project] },
127
- 'google_compute_vpn_tunnel' => { 'iterator' => 'google_compute_vpn_tunnels', 'index' => 'vpn_tunnel_names', 'qualifiers' => [:project, :region] },
128
- 'google_container_cluster' => { 'iterator' => 'google_container_clusters', 'index' => 'cluster_names', 'qualifiers' => [:project, :zone] },
129
- 'google_container_node_pool' => { 'iterator' => 'google_container_node_pools', 'index' => 'node_pool_names', 'qualifiers' => [:project, :zone, :cluster_name] },
130
- 'google_container_regional_cluster' => { 'iterator' => 'google_container_regional_clusters', 'index' => 'names', 'qualifiers' => [:project, :location] },
131
- 'google_dns_managed_zone' => { 'iterator' => 'google_dns_managed_zones', 'index' => 'zone_names', 'qualifiers' => [:project] },
132
- 'google_dns_resource_record_set' => { 'iterator' => 'google_dns_resource_record_sets', 'index' => 'names', 'qualifiers' => [:project, :managed_zone] },
133
- 'google_kms_crypto_key' => { 'iterator' => 'google_kms_crypto_keys', 'index' => 'crypto_key_names', 'qualifiers' => [:project, :location, :key_ring_name] },
134
- 'google_logging_project_sink' => { 'iterator' => 'google_logging_project_sinks', 'index' => 'sink_names', 'qualifiers' => [:project] },
135
- 'google_project_alert_policy' => { 'iterator' => 'google_project_alert_policies', 'index' => 'policy_names', 'qualifiers' => [:project] },
136
- 'google_project_metric' => { 'iterator' => 'google_project_metrics', 'index' => 'metric_names', 'qualifiers' => [:project] },
137
- 'google_pubsub_subscription' => { 'iterator' => 'google_pubsub_subscriptions', 'index' => 'names', 'qualifiers' => [:project] },
102
+ "google_bigquery_dataset" => { "iterator" => "google_bigquery_datasets", "index" => "names", "qualifiers" => [:project] },
103
+ "google_bigquery_table" => { "iterator" => "google_bigquery_tables", "index" => "table_references", "qualifiers" => %i{project dataset} },
104
+ "google_cloudbuild_trigger" => { "iterator" => "google_cloudbuild_triggers", "index" => "names", "qualifiers" => [:project] },
105
+ "google_cloudfunctions_cloud_function" => { "iterator" => "google_cloudfunctions_cloud_functions", "index" => "names", "qualifiers" => %i{project location} },
106
+ "google_compute_autoscaler" => { "iterator" => "google_compute_autoscalers", "index" => "names", "qualifiers" => %i{project zone} },
107
+ "google_compute_backend_bucket" => { "iterator" => "google_compute_backend_buckets", "index" => "names", "qualifiers" => [:project] },
108
+ "google_compute_backend_service" => { "iterator" => "google_compute_backend_services", "index" => "names", "qualifiers" => [:project] },
109
+ "google_compute_firewall" => { "iterator" => "google_compute_firewalls", "index" => "firewall_names", "qualifiers" => [:project] },
110
+ "google_compute_forwarding_rule" => { "iterator" => "google_compute_forwarding_rules", "index" => "forwarding_rule_names", "qualifiers" => %i{project region} },
111
+ "google_compute_health_check" => { "iterator" => "google_compute_health_checks", "index" => "names", "qualifiers" => [:project] },
112
+ "google_compute_http_health_check" => { "iterator" => "google_compute_http_health_checks", "index" => "names", "qualifiers" => [:project] },
113
+ "google_compute_https_health_check" => { "iterator" => "google_compute_https_health_checks", "index" => "names", "qualifiers" => [:project] },
114
+ "google_compute_instance" => { "iterator" => "google_compute_instances", "index" => "instance_names", "qualifiers" => %i{project zone} },
115
+ "google_compute_instance_group" => { "iterator" => "google_compute_instance_groups", "index" => "instance_group_names", "qualifiers" => %i{project zone} },
116
+ "google_compute_instance_group_manager" => { "iterator" => "google_compute_instance_group_managers", "index" => "base_instance_names", "qualifiers" => %i{project zone} },
117
+ "google_compute_instance_template" => { "iterator" => "google_compute_instance_templates", "index" => "names", "qualifiers" => [:project] },
118
+ "google_compute_router" => { "iterator" => "google_compute_routers", "index" => "names", "qualifiers" => %i{project region} },
119
+ "google_compute_snapshot" => { "iterator" => "google_compute_snapshots", "index" => "names", "qualifiers" => [:project] },
120
+ "google_compute_ssl_certificate" => { "iterator" => "google_compute_ssl_certificates", "index" => "names", "qualifiers" => [:project] },
121
+ "google_compute_ssl_policy" => { "iterator" => "google_compute_ssl_policies", "index" => "names", "qualifiers" => [:project] },
122
+ "google_compute_target_http_proxy" => { "iterator" => "google_compute_target_http_proxies", "index" => "names", "qualifiers" => [:project] },
123
+ "google_compute_target_https_proxy" => { "iterator" => "google_compute_target_https_proxies", "index" => "names", "qualifiers" => [:project] },
124
+ "google_compute_target_pool" => { "iterator" => "google_compute_target_pools", "index" => "names", "qualifiers" => %i{project region} },
125
+ "google_compute_target_tcp_proxy" => { "iterator" => "google_compute_target_tcp_proxies", "index" => "names", "qualifiers" => [:project] },
126
+ "google_compute_url_map" => { "iterator" => "google_compute_url_maps", "index" => "names", "qualifiers" => [:project] },
127
+ "google_compute_vpn_tunnel" => { "iterator" => "google_compute_vpn_tunnels", "index" => "vpn_tunnel_names", "qualifiers" => %i{project region} },
128
+ "google_container_cluster" => { "iterator" => "google_container_clusters", "index" => "cluster_names", "qualifiers" => %i{project zone} },
129
+ "google_container_node_pool" => { "iterator" => "google_container_node_pools", "index" => "node_pool_names", "qualifiers" => %i{project zone cluster_name} },
130
+ "google_container_regional_cluster" => { "iterator" => "google_container_regional_clusters", "index" => "names", "qualifiers" => %i{project location} },
131
+ "google_dns_managed_zone" => { "iterator" => "google_dns_managed_zones", "index" => "zone_names", "qualifiers" => [:project] },
132
+ "google_dns_resource_record_set" => { "iterator" => "google_dns_resource_record_sets", "index" => "names", "qualifiers" => %i{project managed_zone} },
133
+ "google_kms_crypto_key" => { "iterator" => "google_kms_crypto_keys", "index" => "crypto_key_names", "qualifiers" => %i{project location key_ring_name} },
134
+ "google_logging_project_sink" => { "iterator" => "google_logging_project_sinks", "index" => "sink_names", "qualifiers" => [:project] },
135
+ "google_project_alert_policy" => { "iterator" => "google_project_alert_policies", "index" => "policy_names", "qualifiers" => [:project] },
136
+ "google_project_metric" => { "iterator" => "google_project_metrics", "index" => "metric_names", "qualifiers" => [:project] },
137
+ "google_pubsub_subscription" => { "iterator" => "google_pubsub_subscriptions", "index" => "names", "qualifiers" => [:project] },
138
138
  }.freeze
139
139
 
140
140
  GCP_REMOVED_PROPERTIES = {
141
- 'google_compute_http_health_check' => [:self_link, :id, :creation_timestamp], # id: terraform has name not id, self_link: undocumented but broken, creation_timestamp api incompatibility
142
- 'google_compute_instance' => [:label_fingerprint, :machine_type, :min_cpu_platform, :zone], # label_fingerprint, machine_type, zone api incompatibility | min_cpu_platform undefined
143
- 'google_compute_instance_group' => [:zone], # zone api incompatibility issue
144
- 'google_compute_forwarding_rule' => [:backend_service, :ip_version, :network, :region, :subnetwork], # :backend_service, :ip_version, :network, :region, :subnetwork api incompatibility
145
- 'google_compute_target_pool' => [:backup_pool, :failover_ratio, :id, :region, :self_link], # api incompatibility
141
+ "google_compute_http_health_check" => %i{self_link id creation_timestamp}, # id: terraform has name not id, self_link: undocumented but broken, creation_timestamp api incompatibility
142
+ "google_compute_instance" => %i{label_fingerprint machine_type min_cpu_platform zone}, # label_fingerprint, machine_type, zone api incompatibility | min_cpu_platform undefined
143
+ "google_compute_instance_group" => [:zone], # zone api incompatibility issue
144
+ "google_compute_forwarding_rule" => %i{backend_service ip_version network region subnetwork}, # :backend_service, :ip_version, :network, :region, :subnetwork api incompatibility
145
+ "google_compute_target_pool" => %i{backup_pool failover_ratio id region self_link}, # api incompatibility
146
+ }.freeze
146
147
 
148
+ GCP_TRANSLATED_RESOURCE_PROPERTIES = {
147
149
  }.freeze
148
150
 
149
151
  # readme content
150
- def self.readme
151
- end
152
+ def self.readme; end
152
153
 
153
154
  # inspec.yml boilerplate content from
154
155
  # inspec/lib/plugins/inspec-init/templates/profiles/gcp/inspec.yml
155
156
  def self.inspec_yml
156
157
  yml = {}
157
- yml['inspec_version'] = '>= 2.3.5'
158
- yml['depends'] = [{
159
- 'name' => 'inspec-gcp',
160
- 'url' => 'https://github.com/inspec/inspec-gcp/archive/master.tar.gz'
158
+ yml["inspec_version"] = ">= 2.3.5"
159
+ yml["depends"] = [{
160
+ "name" => "inspec-gcp",
161
+ "url" => "https://github.com/inspec/inspec-gcp/archive/master.tar.gz",
161
162
  }]
162
- yml['supports'] = [{
163
- 'platform' => 'gcp'
163
+ yml["supports"] = [{
164
+ "platform" => "gcp",
164
165
  }]
165
166
  yml
166
167
  end
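Review bot: `def self.readme; end` returns nil, while `AzureHelper.readme` in this same diff returns `"\n"`, and the renderer passes the result straight to `f.puts`. Returning the string explicitly keeps the three helpers consistent and does not rely on how `puts` treats nil: `def self.readme; "\n"; end`. The AWS helper has the same empty method.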
@@ -1,4 +1,4 @@
1
- require 'inspec/plugin/v2'
1
+ require "inspec/plugin/v2"
2
2
 
3
3
  # The InspecPlugins namespace is where all plugins should declare themselves.
4
4
  # The 'Inspec' capitalization is used throughout the InSpec source code; yes, it's
@@ -14,7 +14,7 @@ module InspecPlugins
14
14
  # should be ready to do so. So, load the file that defines the functionality.
15
15
  # For example, InSpec will activate this hook when `inspec help` is
16
16
  # executed, so that this plugin's usage message will be included in the help.
17
- require 'inspec-iggy/terraform/cli_command'
17
+ require "inspec-iggy/terraform/cli_command"
18
18
 
19
19
  # Having loaded our functionality, return a class that will let the
20
20
  # CLI engine tap into it.
@@ -22,9 +22,15 @@ module InspecPlugins
22
22
  end
23
23
 
24
24
  cli_command :cloudformation do
25
- require 'inspec-iggy/cloudformation/cli_command'
25
+ require "inspec-iggy/cloudformation/cli_command"
26
26
  InspecPlugins::Iggy::CloudFormation::CliCommand
27
27
  end
28
+
29
+ cli_command :iggy do
30
+ require "inspec-iggy/iggy_cli_command"
31
+ InspecPlugins::Iggy::CliCommand
32
+ end
33
+
28
34
  end
29
35
  end
30
36
  end
@@ -1,11 +1,11 @@
1
1
  # -*- coding: utf-8 -*-
2
2
  # renders the profile from the parsed files
3
3
 
4
- require 'yaml'
4
+ require "yaml"
5
5
 
6
- require 'inspec-iggy/platforms/aws_helper'
7
- require 'inspec-iggy/platforms/azure_helper'
8
- require 'inspec-iggy/platforms/gcp_helper'
6
+ require "inspec-iggy/platforms/aws_helper"
7
+ require "inspec-iggy/platforms/azure_helper"
8
+ require "inspec-iggy/platforms/gcp_helper"
9
9
 
10
10
  module InspecPlugins
11
11
  module Iggy
@@ -17,7 +17,7 @@ module InspecPlugins
17
17
  overwrite_mode = options[:overwrite]
18
18
 
19
19
  # --------------------------- InSpec Code Generator ---------------------------
20
- cli.headline('InSpec Iggy Code Generator')
20
+ cli.headline("InSpec Iggy Code Generator")
21
21
 
22
22
  full_destination_path = Pathname.new(Dir.pwd).join(name)
23
23
 
@@ -34,7 +34,7 @@ module InspecPlugins
34
34
  # * Creating file README.md
35
35
  render_readme_md(cli, name, source_file, platform)
36
36
  # * Creating directory controls
37
- cli.list_item "Creating directory #{cli.emphasis('controls')}"
37
+ cli.list_item "Creating directory #{cli.emphasis("controls")}"
38
38
  FileUtils.mkdir_p("#{name}/controls")
39
39
  # * Creating file controls/generated.rb
40
40
  render_controls_rb(cli, name, controls)
@@ -44,44 +44,44 @@ module InspecPlugins
44
44
  end
45
45
 
46
46
  def self.render_readme_md(cli, name, source_file, platform)
47
- cli.list_item "Creating file #{cli.emphasis('README.md')}"
48
- f = File.new("#{name}/README.md", 'w')
47
+ cli.list_item "Creating file #{cli.emphasis("README.md")}"
48
+ f = File.new("#{name}/README.md", "w")
49
49
  f.puts("# #{name}")
50
50
  f.puts
51
51
  f.puts("This profile was generated by InSpec-Iggy v#{Iggy::VERSION} from the #{source_file} source file.")
52
52
 
53
- f.puts(InspecPlugins::Iggy::Platforms::AwsHelper.readme) if platform.eql?('aws')
54
- f.puts(InspecPlugins::Iggy::Platforms::AzureHelper.readme) if platform.eql?('azure')
55
- f.puts(InspecPlugins::Iggy::Platforms::GcpHelper.readme) if platform.eql?('gcp')
53
+ f.puts(InspecPlugins::Iggy::Platforms::AwsHelper.readme) if platform.eql?("aws")
54
+ f.puts(InspecPlugins::Iggy::Platforms::AzureHelper.readme) if platform.eql?("azure")
55
+ f.puts(InspecPlugins::Iggy::Platforms::GcpHelper.readme) if platform.eql?("gcp")
56
56
 
57
57
  f.close
58
58
  end
59
59
 
60
60
  def self.render_inspec_yml(cli, name, source_file, options, platform)
61
- cli.list_item "Creating file #{cli.emphasis('inspec.yml')}"
61
+ cli.list_item "Creating file #{cli.emphasis("inspec.yml")}"
62
62
  yml = {}
63
- yml['name'] = name
64
- yml['title'] = options[:title]
65
- yml['maintainer'] = options[:maintainer]
66
- yml['copyright'] = options[:copyright]
67
- yml['copyright_email'] = options[:email]
68
- yml['license'] = options[:license]
69
- yml['summary'] = options[:summary]
70
- yml['version'] = options[:version]
71
- yml['description'] = "Generated by InSpec-Iggy v#{Iggy::VERSION} from the #{source_file} source file."
63
+ yml["name"] = name
64
+ yml["title"] = options[:title]
65
+ yml["maintainer"] = options[:maintainer]
66
+ yml["copyright"] = options[:copyright]
67
+ yml["copyright_email"] = options[:email]
68
+ yml["license"] = options[:license]
69
+ yml["summary"] = options[:summary]
70
+ yml["version"] = options[:version]
71
+ yml["description"] = "Generated by InSpec-Iggy v#{Iggy::VERSION} from the #{source_file} source file."
72
72
 
73
- yml.merge!(InspecPlugins::Iggy::Platforms::AwsHelper.inspec_yml) if platform.eql?('aws')
74
- yml.merge!(InspecPlugins::Iggy::Platforms::AzureHelper.inspec_yml) if platform.eql?('azure')
75
- yml.merge!(InspecPlugins::Iggy::Platforms::GcpHelper.inspec_yml) if platform.eql?('gcp')
73
+ yml.merge!(InspecPlugins::Iggy::Platforms::AwsHelper.inspec_yml) if platform.eql?("aws")
74
+ yml.merge!(InspecPlugins::Iggy::Platforms::AzureHelper.inspec_yml) if platform.eql?("azure")
75
+ yml.merge!(InspecPlugins::Iggy::Platforms::GcpHelper.inspec_yml) if platform.eql?("gcp")
76
76
 
77
- f = File.new("#{name}/inspec.yml", 'w')
77
+ f = File.new("#{name}/inspec.yml", "w")
78
78
  f.write(yml.to_yaml)
79
79
  f.close
80
80
  end
81
81
 
82
82
  def self.render_controls_rb(cli, name, controls)
83
- cli.list_item "Creating file #{cli.emphasis('controls/generated.rb')}"
84
- f = File.new("#{name}/controls/generated.rb", 'w')
83
+ cli.list_item "Creating file #{cli.emphasis("controls/generated.rb")}"
84
+ f = File.new("#{name}/controls/generated.rb", "w")
85
85
  f.write(controls)
86
86
  f.close
87
87
  end
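Review bot: `render_readme_md`, `render_inspec_yml` and `render_controls_rb` open their output with `File.new(..., "w")` and close it by hand, so an exception between the open and `f.close` leaves the handle open and a partially written file behind. The block form closes the file on every path, e.g. `File.open("#{name}/inspec.yml", "w") { |f| f.write(yml.to_yaml) }`. These helpers also build their paths by interpolating `name` and truncate with mode "w" unconditionally. `overwrite_mode` is read in an earlier hunk, but whether it is checked before these writes, and whether `name` is restricted to a plain directory name, lies outside the visible lines and is worth confirming.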