inspec-iggy 0.6.0 → 0.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +8 -25
- data/README.md +5 -5
- data/inspec-iggy.gemspec +12 -12
- data/lib/inspec-iggy.rb +1 -1
- data/lib/inspec-iggy/cloudformation/cli_command.rb +28 -37
- data/lib/inspec-iggy/cloudformation/generate.rb +24 -24
- data/lib/inspec-iggy/file_helper.rb +2 -2
- data/lib/inspec-iggy/iggy_cli_command.rb +18 -0
- data/lib/inspec-iggy/inspec_helper.rb +166 -178
- data/lib/inspec-iggy/platforms/aws_helper.rb +28 -11
- data/lib/inspec-iggy/platforms/azure_helper.rb +10 -7
- data/lib/inspec-iggy/platforms/gcp_helper.rb +127 -126
- data/lib/inspec-iggy/plugin.rb +9 -3
- data/lib/inspec-iggy/profile_helper.rb +27 -27
- data/lib/inspec-iggy/terraform/cli_command.rb +37 -46
- data/lib/inspec-iggy/terraform/generate.rb +56 -36
- data/lib/inspec-iggy/terraform/negative.rb +42 -23
- data/lib/inspec-iggy/version.rb +1 -1
- metadata +5 -4
@@ -1,40 +1,57 @@
|
|
1
1
|
# helpers for working with InSpec-AWS profiles
|
2
2
|
|
3
|
-
require
|
3
|
+
require "yaml"
|
4
4
|
|
5
5
|
module InspecPlugins::Iggy::Platforms
|
6
6
|
class AwsHelper
|
7
|
-
# find the additional parameters
|
7
|
+
# find the additional parameters for the 'describe'.
|
8
|
+
# NOTE: the first entry is going to map to the 'id' from the .tfstate file
|
8
9
|
AWS_RESOURCE_QUALIFIERS = {
|
10
|
+
"aws_ec2_instance" => %i{instance_id},
|
11
|
+
"aws_elb" => %i{load_balancer_name},
|
12
|
+
"aws_security_group" => %i{group_id vpc_id},
|
13
|
+
"aws_subnet" => %i{subnet_id},
|
14
|
+
"aws_vpc" => %i{vpc_id},
|
9
15
|
}.freeze
|
10
16
|
|
11
17
|
# the iterators for the various resource types
|
12
18
|
AWS_RESOURCE_ITERATORS = {
|
19
|
+
"aws_ec2_instance" => { "iterator" => "aws_ec2_instances", "index" => "instance_ids", "qualifiers" => [:vpc_id] },
|
20
|
+
"aws_elb" => { "iterator" => "aws_elbs", "index" => "load_balancer_names", "qualifiers" => [:vpc_id] },
|
21
|
+
"aws_security_group" => { "iterator" => "aws_security_groups", "index" => "group_ids", "qualifiers" => [:vpc_id] },
|
22
|
+
"aws_subnet" => { "iterator" => "aws_subnets", "index" => "subnet_ids", "qualifiers" => [:vpc_id] },
|
23
|
+
"aws_vpc" => { "iterator" => "aws_vpcs", "index" => "vpc_ids" },
|
13
24
|
}.freeze
|
14
25
|
|
15
26
|
AWS_REMOVED_PROPERTIES = {
|
27
|
+
"aws_elb" => %i{health_check security_groups}, # not sure how to test this yet
|
28
|
+
"aws_ec2_instance" => %i{security_groups}, # not sure how to test this yet
|
29
|
+
}.freeze
|
30
|
+
|
31
|
+
AWS_TRANSLATED_RESOURCE_PROPERTIES = {
|
32
|
+
"aws_elb" => { "name" => "load_balancer_name" },
|
33
|
+
"aws_security_group" => { "name" => "group_name" },
|
16
34
|
}.freeze
|
17
35
|
|
18
36
|
# Terraform boilerplate controls/controls.rb content
|
19
37
|
def self.tf_controls
|
20
|
-
"\n
|
38
|
+
"\n"
|
21
39
|
end
|
22
40
|
|
23
41
|
# readme content
|
24
|
-
def self.readme
|
25
|
-
end
|
42
|
+
def self.readme; end
|
26
43
|
|
27
44
|
# inspec.yml boilerplate content from
|
28
45
|
# inspec/lib/plugins/inspec-init/templates/profiles/aws/inspec.yml
|
29
46
|
def self.inspec_yml
|
30
47
|
yml = {}
|
31
|
-
yml[
|
32
|
-
yml[
|
33
|
-
|
34
|
-
|
48
|
+
yml["inspec_version"] = "~> 4"
|
49
|
+
yml["depends"] = [{
|
50
|
+
"name" => "inspec-aws",
|
51
|
+
"url" => "https://github.com/inspec/inspec-aws/archive/master.tar.gz",
|
35
52
|
}]
|
36
|
-
yml[
|
37
|
-
|
53
|
+
yml["supports"] = [{
|
54
|
+
"platform" => "aws",
|
38
55
|
}]
|
39
56
|
yml
|
40
57
|
end
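Review bot: The generated inspec.yml pins the inspec-aws dependency to `"url" => "https://github.com/inspec/inspec-aws/archive/master.tar.gz"`, so every profile this plugin emits resolves its resource pack to whatever `master` holds at run time, with no version or integrity anchor, and any upstream change or compromise propagates silently into every generated profile. The same unpinned `master.tar.gz` URL is written by AzureHelper.inspec_yml and GcpHelper.inspec_yml in the later hunks, so this applies there too. Prefer a tagged release in the `depends` entry, e.g. `"git" => "https://github.com/inspec/inspec-aws.git", "tag" => "<RELEASE_TAG_PLACEHOLDER>"`, or at least a comment above `yml["depends"]` stating that the generated profile floats on master so users know to pin it themselves. Separately, the new `require "yaml"` on line 3 is not used anywhere in this file (the hash is serialized by the caller), so it can go or deserves a comment saying why it is kept.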
|
@@ -1,6 +1,6 @@
|
|
1
1
|
# helpers for working with InSpec-Azure profiles
|
2
2
|
|
3
|
-
require
|
3
|
+
require "yaml"
|
4
4
|
|
5
5
|
module InspecPlugins::Iggy::Platforms
|
6
6
|
class AzureHelper
|
@@ -15,6 +15,9 @@ module InspecPlugins::Iggy::Platforms
|
|
15
15
|
AZURE_REMOVED_PROPERTIES = {
|
16
16
|
}.freeze
|
17
17
|
|
18
|
+
AZURE_TRANSLATED_RESOURCE_PROPERTIES = {
|
19
|
+
}.freeze
|
20
|
+
|
18
21
|
# readme content
|
19
22
|
def self.readme
|
20
23
|
"\n"
|
@@ -24,13 +27,13 @@ module InspecPlugins::Iggy::Platforms
|
|
24
27
|
# inspec/lib/plugins/inspec-init/templates/profiles/azure/inspec.yml
|
25
28
|
def self.inspec_yml
|
26
29
|
yml = {}
|
27
|
-
yml[
|
28
|
-
yml[
|
29
|
-
|
30
|
-
|
30
|
+
yml["inspec_version"] = ">= 2.2.7"
|
31
|
+
yml["depends"] = [{
|
32
|
+
"name" => "inspec-azure",
|
33
|
+
"url" => "https://github.com/inspec/inspec-azure/archive/master.tar.gz",
|
31
34
|
}]
|
32
|
-
yml[
|
33
|
-
|
35
|
+
yml["supports"] = [{
|
36
|
+
"platform" => "azure",
|
34
37
|
}]
|
35
38
|
yml
|
36
39
|
end
|
@@ -1,87 +1,87 @@
|
|
1
1
|
# helpers for working with InSpec-GCP profiles
|
2
2
|
|
3
|
-
require
|
3
|
+
require "yaml"
|
4
4
|
|
5
5
|
module InspecPlugins::Iggy::Platforms
|
6
6
|
class GcpHelper
|
7
7
|
# find the additional parameters for the 'describe'
|
8
8
|
GCP_RESOURCE_QUALIFIERS = {
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
9
|
+
"google_bigquery_dataset" => %i{project name},
|
10
|
+
"google_bigquery_table" => %i{project dataset name},
|
11
|
+
"google_cloudfunctions_cloud_function" => %i{project location name},
|
12
|
+
"google_compute_address" => %i{project location name},
|
13
|
+
"google_compute_autoscaler" => %i{project zone name},
|
14
|
+
"google_compute_backend_bucket" => %i{project name},
|
15
|
+
"google_compute_backend_service" => %i{project name},
|
16
|
+
"google_compute_disk" => %i{project name zone},
|
17
|
+
"google_compute_firewall" => %i{project name},
|
18
|
+
"google_compute_forwarding_rule" => %i{project region name},
|
19
|
+
"google_compute_global_address" => %i{project name},
|
20
|
+
"google_compute_global_forwarding_rule" => %i{project name},
|
21
|
+
"google_compute_health_check" => %i{project name},
|
22
|
+
"google_compute_http_health_check" => %i{project name},
|
23
|
+
"google_compute_https_health_check" => %i{project name},
|
24
|
+
"google_compute_image" => %i{project name},
|
25
|
+
"google_compute_instance" => %i{project zone name},
|
26
|
+
"google_compute_instance_group" => %i{project zone name},
|
27
|
+
"google_compute_instance_group_manager" => %i{project zone name},
|
28
|
+
"google_compute_instance_template" => %i{project name},
|
29
|
+
"google_compute_network" => %i{project name},
|
30
|
+
"google_compute_project_info" => [:project],
|
31
|
+
"google_compute_region" => %i{project name},
|
32
|
+
"google_compute_region_backend_service" => %i{project region name},
|
33
|
+
"google_compute_region_instance_group_manager" => %i{project region name},
|
34
|
+
"google_compute_route" => %i{project name},
|
35
|
+
"google_compute_router" => %i{project region name},
|
36
|
+
"google_compute_snapshot" => %i{project name},
|
37
|
+
"google_compute_ssl_certificate" => %i{project name},
|
38
|
+
"google_compute_ssl_policy" => %i{project name},
|
39
|
+
"google_compute_subnetwork" => %i{project region name},
|
40
|
+
"google_compute_subnetwork_iam_policy" => %i{project region name},
|
41
|
+
"google_compute_target_http_proxy" => %i{project name},
|
42
|
+
"google_compute_target_https_proxy" => %i{project name},
|
43
|
+
"google_compute_target_pool" => %i{project region name},
|
44
|
+
"google_compute_target_tcp_proxy" => %i{project name},
|
45
|
+
"google_compute_url_map" => %i{project name},
|
46
|
+
"google_compute_vpn_tunnel" => %i{project region name},
|
47
|
+
"google_compute_zone" => %i{project zone},
|
48
|
+
"google_container_cluster" => %i{project zone name},
|
49
|
+
"google_container_node_pool" => %i{project zone cluster_name nodepool_name},
|
50
|
+
"google_container_regional_cluster" => %i{project location name},
|
51
|
+
"google_container_regional_node_pool" => %i{project location cluster name},
|
52
|
+
"google_dns_managed_zone" => %i{project zone},
|
53
|
+
"google_dns_resource_record_set" => %i{project name type managed_zone},
|
54
|
+
"google_kms_crypto_key" => %i{project location key_ring_name name},
|
55
|
+
"google_kms_crypto_key_iam_binding" => %i{crypto_key_url role},
|
56
|
+
"google_kms_key_ring" => %i{project location name},
|
57
|
+
"google_kms_key_ring_iam_binding" => %i{key_ring_url role},
|
58
|
+
"google_logging_project_exclusion" => %i{project exclusion},
|
59
|
+
"google_logging_project_sink" => %i{project sink},
|
60
|
+
"google_organization" => [:display_name],
|
61
|
+
"google_organization_policy" => %i{name constraints},
|
62
|
+
"google_project" => [:project],
|
63
|
+
"google_project_alert_policy" => [:policy],
|
64
|
+
"google_project_alert_policy_condition" => %i{name filter},
|
65
|
+
"google_project_iam_binding" => %i{project role},
|
66
|
+
"google_project_iam_custom_role" => %i{project name},
|
67
|
+
"google_project_logging_audit_config" => [:project],
|
68
|
+
"google_project_metric" => %i{project metric},
|
69
|
+
"google_pubsub_subscription" => %i{project name},
|
70
|
+
"google_pubsub_subscription_iam_policy" => %i{project name},
|
71
|
+
"google_pubsub_topic" => %i{project name},
|
72
|
+
"google_pubsub_topic_iam_policy" => %i{project name},
|
73
|
+
"google_resourcemanager_organization_policy" => %i{organization_name constraint},
|
74
|
+
"google_service_account" => [:name],
|
75
|
+
"google_service_account_key" => [:name],
|
76
|
+
"google_sourcerepo_repository" => %i{project name},
|
77
|
+
"google_sql_database_instance" => %i{project database},
|
78
|
+
"google_storage_bucket" => [:name],
|
79
|
+
"google_storage_bucket_acl" => %i{bucket entity},
|
80
|
+
"google_storage_bucket_iam_binding" => %i{bucket role},
|
81
|
+
"google_storage_bucket_object" => %i{bucket object},
|
82
|
+
"google_storage_default_object_acl" => %i{bucket entity},
|
83
|
+
"google_storage_object_acl" => %i{bucket object entity},
|
84
|
+
"google_user" => [:user_key],
|
85
85
|
}.freeze
|
86
86
|
|
87
87
|
# the iterators for the various resource types
|
@@ -99,68 +99,69 @@ module InspecPlugins::Iggy::Platforms
|
|
99
99
|
# 'google_organization' => { 'iterator' => 'google_organizations', 'index' => 'names', 'qualifiers' => [] }, # organizations are not managed by Terraform
|
100
100
|
# 'google_project' => { 'iterator' => 'google_projects', 'index' => 'project_names', 'qualifiers' => [] }, # projects are not managed by Terraform
|
101
101
|
# 'google_project_iam_binding' => { 'iterator' => 'google_project_iam_bindings', 'index' => 'iam_binding_roles', 'qualifiers' => [:project] },
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
|
113
|
-
|
114
|
-
|
115
|
-
|
116
|
-
|
117
|
-
|
118
|
-
|
119
|
-
|
120
|
-
|
121
|
-
|
122
|
-
|
123
|
-
|
124
|
-
|
125
|
-
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
130
|
-
|
131
|
-
|
132
|
-
|
133
|
-
|
134
|
-
|
135
|
-
|
136
|
-
|
137
|
-
|
102
|
+
"google_bigquery_dataset" => { "iterator" => "google_bigquery_datasets", "index" => "names", "qualifiers" => [:project] },
|
103
|
+
"google_bigquery_table" => { "iterator" => "google_bigquery_tables", "index" => "table_references", "qualifiers" => %i{project dataset} },
|
104
|
+
"google_cloudbuild_trigger" => { "iterator" => "google_cloudbuild_triggers", "index" => "names", "qualifiers" => [:project] },
|
105
|
+
"google_cloudfunctions_cloud_function" => { "iterator" => "google_cloudfunctions_cloud_functions", "index" => "names", "qualifiers" => %i{project location} },
|
106
|
+
"google_compute_autoscaler" => { "iterator" => "google_compute_autoscalers", "index" => "names", "qualifiers" => %i{project zone} },
|
107
|
+
"google_compute_backend_bucket" => { "iterator" => "google_compute_backend_buckets", "index" => "names", "qualifiers" => [:project] },
|
108
|
+
"google_compute_backend_service" => { "iterator" => "google_compute_backend_services", "index" => "names", "qualifiers" => [:project] },
|
109
|
+
"google_compute_firewall" => { "iterator" => "google_compute_firewalls", "index" => "firewall_names", "qualifiers" => [:project] },
|
110
|
+
"google_compute_forwarding_rule" => { "iterator" => "google_compute_forwarding_rules", "index" => "forwarding_rule_names", "qualifiers" => %i{project region} },
|
111
|
+
"google_compute_health_check" => { "iterator" => "google_compute_health_checks", "index" => "names", "qualifiers" => [:project] },
|
112
|
+
"google_compute_http_health_check" => { "iterator" => "google_compute_http_health_checks", "index" => "names", "qualifiers" => [:project] },
|
113
|
+
"google_compute_https_health_check" => { "iterator" => "google_compute_https_health_checks", "index" => "names", "qualifiers" => [:project] },
|
114
|
+
"google_compute_instance" => { "iterator" => "google_compute_instances", "index" => "instance_names", "qualifiers" => %i{project zone} },
|
115
|
+
"google_compute_instance_group" => { "iterator" => "google_compute_instance_groups", "index" => "instance_group_names", "qualifiers" => %i{project zone} },
|
116
|
+
"google_compute_instance_group_manager" => { "iterator" => "google_compute_instance_group_managers", "index" => "base_instance_names", "qualifiers" => %i{project zone} },
|
117
|
+
"google_compute_instance_template" => { "iterator" => "google_compute_instance_templates", "index" => "names", "qualifiers" => [:project] },
|
118
|
+
"google_compute_router" => { "iterator" => "google_compute_routers", "index" => "names", "qualifiers" => %i{project region} },
|
119
|
+
"google_compute_snapshot" => { "iterator" => "google_compute_snapshots", "index" => "names", "qualifiers" => [:project] },
|
120
|
+
"google_compute_ssl_certificate" => { "iterator" => "google_compute_ssl_certificates", "index" => "names", "qualifiers" => [:project] },
|
121
|
+
"google_compute_ssl_policy" => { "iterator" => "google_compute_ssl_policies", "index" => "names", "qualifiers" => [:project] },
|
122
|
+
"google_compute_target_http_proxy" => { "iterator" => "google_compute_target_http_proxies", "index" => "names", "qualifiers" => [:project] },
|
123
|
+
"google_compute_target_https_proxy" => { "iterator" => "google_compute_target_https_proxies", "index" => "names", "qualifiers" => [:project] },
|
124
|
+
"google_compute_target_pool" => { "iterator" => "google_compute_target_pools", "index" => "names", "qualifiers" => %i{project region} },
|
125
|
+
"google_compute_target_tcp_proxy" => { "iterator" => "google_compute_target_tcp_proxies", "index" => "names", "qualifiers" => [:project] },
|
126
|
+
"google_compute_url_map" => { "iterator" => "google_compute_url_maps", "index" => "names", "qualifiers" => [:project] },
|
127
|
+
"google_compute_vpn_tunnel" => { "iterator" => "google_compute_vpn_tunnels", "index" => "vpn_tunnel_names", "qualifiers" => %i{project region} },
|
128
|
+
"google_container_cluster" => { "iterator" => "google_container_clusters", "index" => "cluster_names", "qualifiers" => %i{project zone} },
|
129
|
+
"google_container_node_pool" => { "iterator" => "google_container_node_pools", "index" => "node_pool_names", "qualifiers" => %i{project zone cluster_name} },
|
130
|
+
"google_container_regional_cluster" => { "iterator" => "google_container_regional_clusters", "index" => "names", "qualifiers" => %i{project location} },
|
131
|
+
"google_dns_managed_zone" => { "iterator" => "google_dns_managed_zones", "index" => "zone_names", "qualifiers" => [:project] },
|
132
|
+
"google_dns_resource_record_set" => { "iterator" => "google_dns_resource_record_sets", "index" => "names", "qualifiers" => %i{project managed_zone} },
|
133
|
+
"google_kms_crypto_key" => { "iterator" => "google_kms_crypto_keys", "index" => "crypto_key_names", "qualifiers" => %i{project location key_ring_name} },
|
134
|
+
"google_logging_project_sink" => { "iterator" => "google_logging_project_sinks", "index" => "sink_names", "qualifiers" => [:project] },
|
135
|
+
"google_project_alert_policy" => { "iterator" => "google_project_alert_policies", "index" => "policy_names", "qualifiers" => [:project] },
|
136
|
+
"google_project_metric" => { "iterator" => "google_project_metrics", "index" => "metric_names", "qualifiers" => [:project] },
|
137
|
+
"google_pubsub_subscription" => { "iterator" => "google_pubsub_subscriptions", "index" => "names", "qualifiers" => [:project] },
|
138
138
|
}.freeze
|
139
139
|
|
140
140
|
GCP_REMOVED_PROPERTIES = {
|
141
|
-
|
142
|
-
|
143
|
-
|
144
|
-
|
145
|
-
|
141
|
+
"google_compute_http_health_check" => %i{self_link id creation_timestamp}, # id: terraform has name not id, self_link: undocumented but broken, creation_timestamp api incompatibility
|
142
|
+
"google_compute_instance" => %i{label_fingerprint machine_type min_cpu_platform zone}, # label_fingerprint, machine_type, zone api incompatibility | min_cpu_platform undefined
|
143
|
+
"google_compute_instance_group" => [:zone], # zone api incompatibility issue
|
144
|
+
"google_compute_forwarding_rule" => %i{backend_service ip_version network region subnetwork}, # :backend_service, :ip_version, :network, :region, :subnetwork api incompatibility
|
145
|
+
"google_compute_target_pool" => %i{backup_pool failover_ratio id region self_link}, # api incompatibility
|
146
|
+
}.freeze
|
146
147
|
|
148
|
+
GCP_TRANSLATED_RESOURCE_PROPERTIES = {
|
147
149
|
}.freeze
|
148
150
|
|
149
151
|
# readme content
|
150
|
-
def self.readme
|
151
|
-
end
|
152
|
+
def self.readme; end
|
152
153
|
|
153
154
|
# inspec.yml boilerplate content from
|
154
155
|
# inspec/lib/plugins/inspec-init/templates/profiles/gcp/inspec.yml
|
155
156
|
def self.inspec_yml
|
156
157
|
yml = {}
|
157
|
-
yml[
|
158
|
-
yml[
|
159
|
-
|
160
|
-
|
158
|
+
yml["inspec_version"] = ">= 2.3.5"
|
159
|
+
yml["depends"] = [{
|
160
|
+
"name" => "inspec-gcp",
|
161
|
+
"url" => "https://github.com/inspec/inspec-gcp/archive/master.tar.gz",
|
161
162
|
}]
|
162
|
-
yml[
|
163
|
-
|
163
|
+
yml["supports"] = [{
|
164
|
+
"platform" => "gcp",
|
164
165
|
}]
|
165
166
|
yml
|
166
167
|
end
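Review bot: `google_cloudbuild_trigger` gets an entry in GCP_RESOURCE_ITERATORS (new line 104) but, unlike every other iterator key, has no matching key in GCP_RESOURCE_QUALIFIERS in the previous hunk; if the generator looks up qualifiers by resource name, this resource will come back nil and presumably produce a broken `describe`. Either add a qualifiers entry for it (whatever parameters the inspec-gcp resource actually takes, e.g. `"google_cloudbuild_trigger" => %i{project name},` if that is its signature) or leave a comment on the iterator line explaining why it is iterator-only. GCP_TRANSLATED_RESOURCE_PROPERTIES is introduced empty with no explanation; a one-line comment such as `# terraform property name => inspec-gcp property name; nothing needs translating yet` would tell the next maintainer what belongs there. The inspec-gcp `depends` URL floats on an unpinned master tarball, as noted on the AwsHelper hunk.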
|
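--- a/data/lib/inspec-iggy/plugin.rb
+++ b/data/lib/inspec-iggy/plugin.rb
@@ -1,4 +1,4 @@
-require
+require "inspec/plugin/v2"
 
 # The InspecPlugins namespace is where all plugins should declare themselves.
 # The 'Inspec' capitalization is used throughout the InSpec source code; yes, it's
@@ -14,7 +14,7 @@ module InspecPlugins
 # should be ready to do so. So, load the file that defines the functionality.
 # For example, InSpec will activate this hook when `inspec help` is
 # executed, so that this plugin's usage message will be included in the help.
-require
+require "inspec-iggy/terraform/cli_command"
 
 # Having loaded our functionality, return a class that will let the
 # CLI engine tap into it.
@@ -22,9 +22,15 @@ module InspecPlugins
 end
 
 cli_command :cloudformation do
-require
+require "inspec-iggy/cloudformation/cli_command"
 InspecPlugins::Iggy::CloudFormation::CliCommand
 end
+
+cli_command :iggy do
+require "inspec-iggy/iggy_cli_command"
+InspecPlugins::Iggy::CliCommand
+end
+
 end
 end
 end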
|
@@ -1,11 +1,11 @@
|
|
1
1
|
# -*- coding: utf-8 -*-
|
2
2
|
# renders the profile from the parsed files
|
3
3
|
|
4
|
-
require
|
4
|
+
require "yaml"
|
5
5
|
|
6
|
-
require
|
7
|
-
require
|
8
|
-
require
|
6
|
+
require "inspec-iggy/platforms/aws_helper"
|
7
|
+
require "inspec-iggy/platforms/azure_helper"
|
8
|
+
require "inspec-iggy/platforms/gcp_helper"
|
9
9
|
|
10
10
|
module InspecPlugins
|
11
11
|
module Iggy
|
@@ -17,7 +17,7 @@ module InspecPlugins
|
|
17
17
|
overwrite_mode = options[:overwrite]
|
18
18
|
|
19
19
|
# --------------------------- InSpec Code Generator ---------------------------
|
20
|
-
cli.headline(
|
20
|
+
cli.headline("InSpec Iggy Code Generator")
|
21
21
|
|
22
22
|
full_destination_path = Pathname.new(Dir.pwd).join(name)
|
23
23
|
|
@@ -34,7 +34,7 @@ module InspecPlugins
|
|
34
34
|
# * Creating file README.md
|
35
35
|
render_readme_md(cli, name, source_file, platform)
|
36
36
|
# * Creating directory controls
|
37
|
-
cli.list_item "Creating directory #{cli.emphasis(
|
37
|
+
cli.list_item "Creating directory #{cli.emphasis("controls")}"
|
38
38
|
FileUtils.mkdir_p("#{name}/controls")
|
39
39
|
# * Creating file controls/generated.rb
|
40
40
|
render_controls_rb(cli, name, controls)
|
@@ -44,44 +44,44 @@ module InspecPlugins
|
|
44
44
|
end
|
45
45
|
|
46
46
|
def self.render_readme_md(cli, name, source_file, platform)
|
47
|
-
cli.list_item "Creating file #{cli.emphasis(
|
48
|
-
f = File.new("#{name}/README.md",
|
47
|
+
cli.list_item "Creating file #{cli.emphasis("README.md")}"
|
48
|
+
f = File.new("#{name}/README.md", "w")
|
49
49
|
f.puts("# #{name}")
|
50
50
|
f.puts
|
51
51
|
f.puts("This profile was generated by InSpec-Iggy v#{Iggy::VERSION} from the #{source_file} source file.")
|
52
52
|
|
53
|
-
f.puts(InspecPlugins::Iggy::Platforms::AwsHelper.readme) if platform.eql?(
|
54
|
-
f.puts(InspecPlugins::Iggy::Platforms::AzureHelper.readme) if platform.eql?(
|
55
|
-
f.puts(InspecPlugins::Iggy::Platforms::GcpHelper.readme) if platform.eql?(
|
53
|
+
f.puts(InspecPlugins::Iggy::Platforms::AwsHelper.readme) if platform.eql?("aws")
|
54
|
+
f.puts(InspecPlugins::Iggy::Platforms::AzureHelper.readme) if platform.eql?("azure")
|
55
|
+
f.puts(InspecPlugins::Iggy::Platforms::GcpHelper.readme) if platform.eql?("gcp")
|
56
56
|
|
57
57
|
f.close
|
58
58
|
end
|
59
59
|
|
60
60
|
def self.render_inspec_yml(cli, name, source_file, options, platform)
|
61
|
-
cli.list_item "Creating file #{cli.emphasis(
|
61
|
+
cli.list_item "Creating file #{cli.emphasis("inspec.yml")}"
|
62
62
|
yml = {}
|
63
|
-
yml[
|
64
|
-
yml[
|
65
|
-
yml[
|
66
|
-
yml[
|
67
|
-
yml[
|
68
|
-
yml[
|
69
|
-
yml[
|
70
|
-
yml[
|
71
|
-
yml[
|
63
|
+
yml["name"] = name
|
64
|
+
yml["title"] = options[:title]
|
65
|
+
yml["maintainer"] = options[:maintainer]
|
66
|
+
yml["copyright"] = options[:copyright]
|
67
|
+
yml["copyright_email"] = options[:email]
|
68
|
+
yml["license"] = options[:license]
|
69
|
+
yml["summary"] = options[:summary]
|
70
|
+
yml["version"] = options[:version]
|
71
|
+
yml["description"] = "Generated by InSpec-Iggy v#{Iggy::VERSION} from the #{source_file} source file."
|
72
72
|
|
73
|
-
yml.merge!(InspecPlugins::Iggy::Platforms::AwsHelper.inspec_yml) if platform.eql?(
|
74
|
-
yml.merge!(InspecPlugins::Iggy::Platforms::AzureHelper.inspec_yml) if platform.eql?(
|
75
|
-
yml.merge!(InspecPlugins::Iggy::Platforms::GcpHelper.inspec_yml) if platform.eql?(
|
73
|
+
yml.merge!(InspecPlugins::Iggy::Platforms::AwsHelper.inspec_yml) if platform.eql?("aws")
|
74
|
+
yml.merge!(InspecPlugins::Iggy::Platforms::AzureHelper.inspec_yml) if platform.eql?("azure")
|
75
|
+
yml.merge!(InspecPlugins::Iggy::Platforms::GcpHelper.inspec_yml) if platform.eql?("gcp")
|
76
76
|
|
77
|
-
f = File.new("#{name}/inspec.yml",
|
77
|
+
f = File.new("#{name}/inspec.yml", "w")
|
78
78
|
f.write(yml.to_yaml)
|
79
79
|
f.close
|
80
80
|
end
|
81
81
|
|
82
82
|
def self.render_controls_rb(cli, name, controls)
|
83
|
-
cli.list_item "Creating file #{cli.emphasis(
|
84
|
-
f = File.new("#{name}/controls/generated.rb",
|
83
|
+
cli.list_item "Creating file #{cli.emphasis("controls/generated.rb")}"
|
84
|
+
f = File.new("#{name}/controls/generated.rb", "w")
|
85
85
|
f.write(controls)
|
86
86
|
f.close
|
87
87
|
end
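Review bot: `render_readme_md`, `render_inspec_yml` and `render_controls_rb` open their output with `File.new(..., "w")` and close it with a trailing `f.close`, so an exception raised by any of the `f.puts`/`f.write` calls in between leaks the handle and leaves a partially written file with no cleanup. Prefer the block form, which closes on every exit path: replace `f = File.new("#{name}/README.md", "w")` with `File.open("#{name}/README.md", "w") do |f|` and the `f.close` with `end`, and do the same for the inspec.yml and controls/generated.rb writers in this hunk. The `platform.eql?("aws")` / `"azure"` / `"gcp"` chains are now duplicated in render_readme_md and render_inspec_yml; a single frozen lookup from platform string to helper class would keep both in step when a platform is added.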
|