inspec-iggy 0.6.0 → 0.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 937720e2817669251c145140bb5a1a7c168fd2afa66a02fe3313028facbee416
-  data.tar.gz: 787196902a3ce2826b11498a38b7ddad33ba7f28e73f37d32c1924889fd51f48
+  metadata.gz: 0c6c518efc4c73cf153954ef3080635ce8c026675e910e0a42418f769b252bd7
+  data.tar.gz: ff777a9136a432e0dcd0fe38b2117199f68ca8b1742d95e5ced6b4393e0628af
 SHA512:
-  metadata.gz: 0e10cdd048643efe66f40c294f97297eaad4f0652d59951f7a77afa7859d27990e32feee91cc841e261a9b30b5af1b1b12a8b712f412ad02011faf5826478907
-  data.tar.gz: bc13bd1ab48457f3c335f839454aa4605aa146c8e0c0393da051709af8fb8b92f0e5ecc8c1d7c286bb54d78b5efe36a40e63f44cbd236a97a0af137dcfac5289
+  metadata.gz: c39d8c8a9b84232b63994e5622198c3e3961652e745eaaebd837908c91ecfca57ecdcd036edc2c9171ac8a0148503b14ff50e42bbc0cae6287b17bb57bc31ed3
+  data.tar.gz: 69103758e44b2f3de34ed4506f806d443f576ae36716bbe03864cd1fae56d158091bc7efc1bb9b16f8e6dbaa7df588fe80809d39dd77109abb92a34384bf8065

data/Gemfile

@@ -1,32 +1,15 @@
 # encoding: utf-8
-source 'http://rubygems.org'
+source "http://rubygems.org"
 
 gemspec
 
 # follows InSpec's versions
 group :test do
-  gem 'minitest', '~> 5.5'
-  gem 'rake', '>= 10'
-  gem 'rubocop', '= 0.49.1'
-  gem 'm'
-  gem 'pry-byebug'
-end
-
-group :aws do
-  #  gem 'aws-sdk', '~> 3'
-  gem 'aws-sdk-autoscaling', '~> 1'
-  gem 'aws-sdk-cloudtrail', '~> 1'
-  gem 'aws-sdk-cloudwatch', '~> 1'
-  gem 'aws-sdk-cloudwatchlogs', '~> 1'
-  gem 'aws-sdk-configservice', '~> 1'
-  gem 'aws-sdk-ec2', '~> 1'
-  gem 'aws-sdk-ecs', '~> 1'
-  gem 'aws-sdk-eks', '~> 1'
-  gem 'aws-sdk-elasticloadbalancing', '~> 1'
-  gem 'aws-sdk-iam', '~> 1'
-  gem 'aws-sdk-organizations', '~> 1'
-  gem 'aws-sdk-rds', '~> 1'
-  gem 'aws-sdk-s3', '~> 1'
-  gem 'aws-sdk-sns', '~> 1'
-  gem 'aws-sdk-sqs', '~> 1'
+  gem "inspec-bin", ">=3", "<5"
+  gem "chefstyle", "~> 0.13.0"
+  gem "minitest", "~> 5.5"
+  gem "rake", ">= 10"
+  gem "m"
+  gem "pry", "~> 0.10"
+  gem "pry-byebug"
 end

data/README.md

@@ -26,13 +26,13 @@ InSpec-Iggy is a community-driven plugin that is not officially supported by Che
 
 # Requirements <a name="requirements"></a>
 
-Iggy generates compliance profiles for InSpec 2.3 and later, which includes the AWS and Azure resources. Because resources are continuing to be added to InSpec, you may want the latest version to support as much resource coverage as possible. It has currently been tested primarily with AWS but other InSpec-supported platforms should work as well.
+Iggy generates compliance profiles for InSpec 3 and later, requiring external resource packs for the AWS, Azure, and GCP resources. Because resources are continuing to be added to InSpec, you may want the latest version to support as much resource coverage as possible.
 
-Written and tested with Ruby 2.6.
+Written and tested with Ruby 2.6 and InSpec 4.
 
 # Installation <a name="installation"></a>
 
-`inspec-iggy` is a plugin for InSpec.  InSpec 2.3 or later is required.  To install, use:
+`inspec-iggy` is a plugin for InSpec.  InSpec 3 or later is required.  To install, use:
 
     $ inspec plugin install inspec-iggy
 
@@ -61,7 +61,7 @@ Iggy dynamically pulls the available Cloud resources from InSpec and attempts to
      [--log-location=LOG_LOCATION]    Location to send diagnostic log messages to. (default: STDOUT or Inspec::Log.error)
      [--platform=gcp|aws|azure]       Cloud provider name
      [--resourcepath=INSPEC_CLOUD_RESOURCE_PATH] Location of inspec-gcp|inspec-aws|inspec-azure resources
-     Note: --resourcepath should point to the directory where inspec-<cloud_provider> resource pack is downloaded/cloned from Github.
+     Note: --resourcepath should point to the directory where inspec-<cloud_provider> resource pack is downloaded/cloned from GitHub.
 
 # InSpec Terraform Negative<a name="itn"></a>
 
@@ -88,7 +88,7 @@ Iggy dynamically pulls the available Cloud resources from InSpec and attempts to
      [--log-location=LOG_LOCATION]    Location to send diagnostic log messages to. (default: STDOUT or Inspec::Log.error)
      [--platform=gcp|aws|azure]       Cloud provider name
      [--resourcepath=INSPEC_CLOUD_RESOURCE_PATH] Location of inspec-gcp|inspec-aws|inspec-azure resources
-     Note: --resourcepath should point to the directory where inspec-<cloud_provider> resource pack is downloaded/cloned from Github.
+     Note: --resourcepath should point to the directory where inspec-<cloud_provider> resource pack is downloaded/cloned from GitHub.
 
 # InSpec CloudFormation Generate<a name="icg"></a>
 

data/inspec-iggy.gemspec

@@ -1,26 +1,26 @@
 # coding: utf-8
-lib = File.expand_path('lib', __dir__)
+lib = File.expand_path("lib", __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
-require 'inspec-iggy/version'
+require "inspec-iggy/version"
 
 Gem::Specification.new do |spec|
-  spec.name        = 'inspec-iggy'
+  spec.name        = "inspec-iggy"
   spec.version     = InspecPlugins::Iggy::VERSION
-  spec.authors     = ['Matt Ray']
-  spec.email       = ['matt@chef.io']
-  spec.summary     = 'InSpec plugin to generate InSpec compliance profiles from Terraform and CloudFormation.'
-  spec.description = 'InSpec plugin to generate InSpec profiles from Terraform and CloudFormation to ensure automatic compliance coverage.'
-  spec.homepage    = 'https://github.com/mattray/inspec-iggy'
-  spec.license     = 'Apache-2.0'
+  spec.authors     = ["Matt Ray"]
+  spec.email       = ["matt@chef.io"]
+  spec.summary     = "InSpec plugin to generate InSpec compliance profiles from Terraform and CloudFormation."
+  spec.description = "InSpec plugin to generate InSpec profiles from Terraform and CloudFormation to ensure automatic compliance coverage."
+  spec.homepage    = "https://github.com/mattray/inspec-iggy"
+  spec.license     = "Apache-2.0"
 
   spec.files = %w{
     README.md inspec-iggy.gemspec Gemfile
   } + Dir.glob(
-    '{bin,docs,examples,lib,tasks}/**/*', File::FNM_DOTMATCH
+    "{bin,docs,examples,lib,tasks}/**/*", File::FNM_DOTMATCH
   ).reject { |f| File.directory?(f) }
 
-  spec.require_paths = ['lib']
+  spec.require_paths = ["lib"]
 
-  spec.add_dependency 'inspec', '>=2.3', '<5'
+  spec.add_dependency "inspec", ">=3", "<5"
 end

data/lib/inspec-iggy.rb

@@ -5,4 +5,4 @@
 libdir = File.dirname(__FILE__)
 $LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)
 
-require 'inspec-iggy/plugin'
+require "inspec-iggy/plugin"

data/lib/inspec-iggy/cloudformation/cli_command.rb

@@ -1,79 +1,70 @@
 # CloudFormation CLI command and options
 
-require 'inspec/plugin/v2'
+require "inspec/plugin/v2"
 
-require 'inspec-iggy/version'
-require 'inspec-iggy/profile_helper'
-require 'inspec-iggy/cloudformation/generate'
+require "inspec-iggy/version"
+require "inspec-iggy/profile_helper"
+require "inspec-iggy/cloudformation/generate"
 
 module InspecPlugins::Iggy
   module CloudFormation
     class CliCommand < Inspec.plugin(2, :cli_command)
-      subcommand_desc 'cloudformation SUBCOMMAND ...', 'Generate an InSpec profile from CloudFormation'
-
-      # Thor.map(Hash) allows you to make aliases for commands.
-      map('-v' => 'version')         # Treat `inspec terraform -v`` as `inspec terraform version`
-      map('--version' => 'version')  # Treat `inspec terraform -version`` as `inspec terraform version`
-
-      desc 'version', 'Display version information', hide: true
-      def version
-        say("Iggy v#{InspecPlugins::Iggy::VERSION}")
-      end
+      subcommand_desc "cloudformation SUBCOMMAND ...", "Generate an InSpec profile from CloudFormation"
 
       option :debug,
-             desc: 'Verbose debugging messages',
+             desc: "Verbose debugging messages",
              type: :boolean,
              default: false
 
       option :copyright,
-             desc: 'Name of the copyright holder',
-             default: 'The Authors'
+             desc: "Name of the copyright holder",
+             default: "The Authors"
 
       option :email,
-             desc: 'Email address of the author',
-             default: 'you@example.com'
+             desc: "Email address of the author",
+             default: "you@example.com"
 
       option :license,
-             desc: 'License for the profile',
-             default: 'Apache-2.0'
+             desc: "License for the profile",
+             default: "Apache-2.0"
 
       option :maintainer,
-             desc: 'Name of the copyright holder',
-             default: 'The Authors'
+             desc: "Name of the copyright holder",
+             default: "The Authors"
 
       option :summary,
-             desc: 'One line summary for the profile',
-             default: 'An InSpec Compliance Profile'
+             desc: "One line summary for the profile",
+             default: "An InSpec Compliance Profile"
 
       option :title,
-             desc: 'Human-readable name for the profile',
-             default: 'InSpec Profile'
+             desc: "Human-readable name for the profile",
+             default: "InSpec Profile"
 
       option :version,
-             desc: 'Specify the profile version',
-             default: '0.1.0'
+             desc: "Specify the profile version",
+             default: "0.1.0"
 
       option :overwrite,
-             desc: 'Overwrites existing profile directory',
+             desc: "Overwrites existing profile directory",
              type: :boolean,
              default: false
 
       option :name,
-             aliases: '-n',
+             aliases: "-n",
              required: true,
-             desc: 'Name of profile to be generated'
+             desc: "Name of profile to be generated"
 
       option :stack,
-             aliases: '-s',
+             aliases: "-s",
              required: true,
-             desc: 'Specify stack name or unique stack ID associated with the CloudFormation template'
+             desc: "Specify stack name or unique stack ID associated with the CloudFormation template"
 
       option :template,
-             aliases: '-t',
+             aliases: "-t",
              required: true,
-             desc: 'Specify path to the input CloudFormation template'
+             desc: "Specify path to the input CloudFormation template"
 
-      desc 'generate [options]', 'Generate InSpec compliance controls from CloudFormation template'
+      desc "generate [options]", "Generate InSpec compliance controls from CloudFormation template"
       def generate
         Inspec::Log.level = :debug if options[:debug]
         # hash of generated controls

data/lib/inspec-iggy/cloudformation/generate.rb

@@ -1,11 +1,11 @@
 # parses CloudFormation JSON files
 
-require 'inspec/objects/control'
-require 'inspec/objects/ruby_helper'
-require 'inspec/objects/describe'
+require "inspec/objects/control"
+require "inspec/objects/ruby_helper"
+require "inspec/objects/describe"
 
-require 'inspec-iggy/file_helper'
-require 'inspec-iggy/inspec_helper'
+require "inspec-iggy/file_helper"
+require "inspec-iggy/inspec_helper"
 
 module InspecPlugins::Iggy::CloudFormation
   class Generate
@@ -18,12 +18,12 @@ module InspecPlugins::Iggy::CloudFormation
       generated_controls = []
 
       # iterate over the resources
-      cfn_resources = template['Resources']
+      cfn_resources = template["Resources"]
       cfn_resources.keys.each do |cfn_res|
         # split out the last ::, these are all AWS
-        cfn_resource = cfn_resources[cfn_res]['Type'].split('::').last
+        cfn_resource = cfn_resources[cfn_res]["Type"].split("::").last
         # split camelcase and join with underscores
-        cfn_res_type = 'aws_' + cfn_resource.split(/(?=[A-Z])/).join('_').downcase
+        cfn_res_type = "aws_" + cfn_resource.split(/(?=[A-Z])/).join("_").downcase
 
         # add translation layer
         if InspecPlugins::Iggy::InspecHelper::TRANSLATED_RESOURCES.key?(cfn_res_type)
@@ -39,42 +39,42 @@ module InspecPlugins::Iggy::CloudFormation
           ctrl = Inspec::Control.new
           ctrl.id = "#{cfn_res_type}::#{cfn_res}"
           ctrl.title = "InSpec-Iggy #{cfn_res_type}::#{cfn_res}"
-          ctrl.descriptions['default'] = "#{cfn_res_type}::#{cfn_res} from the source file #{absolutename}\nGenerated by InSpec-Iggy v#{InspecPlugins::Iggy::VERSION}"
-          ctrl.impact = '1.0'
+          ctrl.descriptions["default"] = "#{cfn_res_type}::#{cfn_res} from the source file #{absolutename}\nGenerated by InSpec-Iggy v#{InspecPlugins::Iggy::VERSION}"
+          ctrl.impact = "1.0"
 
           describe = Inspec::Describe.new
           # describes the resource with the logical_resource_id as argument, replaced at inspec exec
           describe.qualifier.push([cfn_res_type, "resources[#{cfn_res}]"])
 
           # ensure the resource exists
-          describe.add_test(nil, 'exist', nil)
+          describe.add_test(nil, "exist", nil)
 
           # EC2 instances should be running
-          describe.add_test(nil, 'be_running', nil) if cfn_res_type.eql?('aws_ec2_instance')
+          describe.add_test(nil, "be_running", nil) if cfn_res_type.eql?("aws_ec2_instance")
 
           # if there's a match, see if there are matching InSpec properties
-          inspec_properties = InspecPlugins::Iggy::InspecHelper.resource_properties(cfn_res_type, 'aws')
-          cfn_resources[cfn_res]['Properties'].keys.each do |attr|
+          inspec_properties = InspecPlugins::Iggy::InspecHelper.resource_properties(cfn_res_type, "aws")
+          cfn_resources[cfn_res]["Properties"].keys.each do |attr|
             # insert '_' on the CamelCase to get camel_case
             attr_split = attr.split(/(?=[A-Z])/)
-            property = attr_split.join('_').downcase
+            property = attr_split.join("_").downcase
             if inspec_properties.member?(property)
               Inspec::Log.debug "CloudFormation::Generate.parse_generate #{cfn_res_type} inspec_property = #{property} MATCHED"
-              value = cfn_resources[cfn_res]['Properties'][attr]
+              value = cfn_resources[cfn_res]["Properties"][attr]
               if (value.is_a? Hash) || (value.is_a? Array)
                 #  these get replaced at inspec exec
-                if property.eql?('vpc_id') # rubocop:disable Metrics/BlockNesting
-                  vpc = cfn_resources[cfn_res]['Properties'][attr].values.first
+                if property.eql?("vpc_id") # rubocop:disable Metrics/BlockNesting
+                  vpc = cfn_resources[cfn_res]["Properties"][attr].values.first
                   # https://github.com/inspec/inspec/issues/3173
-                  describe.add_test(property, 'cmp', "resources[#{vpc}]") unless cfn_res_type.eql?('aws_route_table') # rubocop:disable Metrics/BlockNesting
+                  describe.add_test(property, "cmp", "resources[#{vpc}]") unless cfn_res_type.eql?("aws_route_table") # rubocop:disable Metrics/BlockNesting
                   # AMI is a Ref into Parameters
-                elsif property.eql?('image_id') # rubocop:disable Metrics/BlockNesting
-                  amiref = cfn_resources[cfn_res]['Properties'][attr].values.first
-                  ami = template['Parameters'][amiref]['Default']
-                  describe.add_test(property, 'cmp', ami)
+                elsif property.eql?("image_id") # rubocop:disable Metrics/BlockNesting
+                  amiref = cfn_resources[cfn_res]["Properties"][attr].values.first
+                  ami = template["Parameters"][amiref]["Default"]
+                  describe.add_test(property, "cmp", ami)
                 end
               else
-                describe.add_test(property, 'cmp', value)
+                describe.add_test(property, "cmp", value)
               end
             else
               Inspec::Log.debug "CloudFormation::Generate.parse_generate #{cfn_res_type} inspec_property = #{property} SKIPPED"

data/lib/inspec-iggy/file_helper.rb

@@ -1,7 +1,7 @@
 # helper methods for retrieving and parsing files
 
-require 'json'
-require 'open-uri'
+require "json"
+require "open-uri"
 
 module InspecPlugins
   module Iggy

data/lib/inspec-iggy/iggy_cli_command.rb

@@ -0,0 +1,18 @@
+# CloudFormation CLI command and options
+
+require "inspec/plugin/v2"
+
+require "inspec-iggy/version"
+
+module InspecPlugins
+  module Iggy
+    class CliCommand < Inspec.plugin(2, :cli_command)
+      subcommand_desc "iggy", "Use 'inspec cloudformation' or 'inspec terraform'"
+
+      desc "version", "Display version information"
+      def version
+        say("Iggy v#{InspecPlugins::Iggy::VERSION}")
+      end
+    end
+  end
+end

data/lib/inspec-iggy/inspec_helper.rb

@@ -1,10 +1,10 @@
 # constants and helpers for working with InSpec
 
-require 'inspec'
+require "inspec"
 
-require 'inspec-iggy/platforms/aws_helper'
-require 'inspec-iggy/platforms/azure_helper'
-require 'inspec-iggy/platforms/gcp_helper'
+require "inspec-iggy/platforms/aws_helper"
+require "inspec-iggy/platforms/azure_helper"
+require "inspec-iggy/platforms/gcp_helper"
 
 module InspecPlugins
   module Iggy
@@ -18,116 +18,138 @@ module InspecPlugins
 
       # translate Terraform resource name to InSpec
       TRANSLATED_RESOURCES = {
-        'aws_instance' => 'aws_ec2_instance',
-        'aws_v_p_c' => 'aws_vpc', # CFN
-        'azurerm_resource_group' => 'azure_resource_group',
-        'azurerm_virtual_machine' => 'azure_virtual_machine'
+        "aws_instance" => "aws_ec2_instance",
+        "aws_v_p_c" => "aws_vpc", # CFN
+        "azurerm_resource_group" => "azure_resource_group",
+        "azurerm_virtual_machine" => "azure_virtual_machine",
         # "azure_virtual_machine_data_disk",
         # 'aws_route' => 'aws_route_table' # needs route_table_id instead of id
       }.freeze
 
       def self.available_resource_qualifiers(platform)
         case platform
-        when 'aws'
+        when "aws"
           InspecPlugins::Iggy::Platforms::AwsHelper::AWS_RESOURCE_QUALIFIERS
-        when 'azure'
+        when "azure"
           InspecPlugins::Iggy::Platforms::AzureHelper::AZURE_RESOURCE_QUALIFIERS
-        when 'gcp'
+        when "gcp"
           InspecPlugins::Iggy::Platforms::GcpHelper::GCP_RESOURCE_QUALIFIERS
         end
       end
 
       def self.available_resource_iterators(platform)
         case platform
-        when 'aws'
+        when "aws"
           InspecPlugins::Iggy::Platforms::AwsHelper::AWS_RESOURCE_ITERATORS
-        when 'azure'
+        when "azure"
           InspecPlugins::Iggy::Platforms::AzureHelper::AZURE_RESOURCE_ITERATORS
-        when 'gcp'
+        when "gcp"
           InspecPlugins::Iggy::Platforms::GcpHelper::GCP_RESOURCE_ITERATORS
         end
       end
 
+      def self.available_translated_resource_properties(platform, resource)
+        case platform
+        when "aws"
+          InspecPlugins::Iggy::Platforms::AwsHelper::AWS_TRANSLATED_RESOURCE_PROPERTIES[resource]
+        when "azure"
+          InspecPlugins::Iggy::Platforms::AzureHelper::AZURE_TRANSLATED_RESOURCE_PROPERTIES[resource]
+        when "gcp"
+          InspecPlugins::Iggy::Platforms::GcpHelper::GCP_TRANSLATED_RESOURCE_PROPERTIES[resource]
+        end
+      end
+
+      def self.translated_resource_property(platform, resource, property)
+        translated_resource = available_translated_resource_properties(platform, resource)
+        translated_property = translated_resource[property] if translated_resource
+        if translated_property
+          Inspec::Log.debug "InspecHelper.translated_resource_property #{platform}:#{resource}:#{property} = #{translated_property} TRANSLATED"
+          translated_property
+        else
+          property
+        end
+      end
+
       # manually maintained common methods we don't want to test InSpec properties
-      REMOVED_COMMON_PROPERTIES = [
-        :!,
-        :!=,
-        :!~,
-        :<=>,
-        :==,
-        :===,
-        :=~,
-        :__binding__,
-        :__id__,
-        :__send__,
-        :check_supports,
-        :class,
-        :clone,
-        :dclone,
-        :define_singleton_method,
-        :display,
-        :dup,
-        :enum_for,
-        :eql?,
-        :equal?,
-        :extend,
-        :fail_resource,
-        :freeze,
-        :frozen?,
-        :hash,
-        :inspec,
-        :inspect,
-        :instance_eval,
-        :instance_exec,
-        :instance_of?,
-        :instance_variable_defined?,
-        :instance_variable_get,
-        :instance_variable_set,
-        :instance_variables,
-        :is_a?,
-        :itself,
-        :kind_of?,
-        :method,
-        :methods,
-        :nil?,
-        :object_id,
-        :pretty_inspect,
-        :pretty_print,
-        :pretty_print_cycle,
-        :pretty_print_inspect,
-        :pretty_print_instance_variables,
-        :private_methods,
-        :protected_methods,
-        :pry,
-        :public_method,
-        :public_methods,
-        :public_send,
-        :remove_instance_variable,
-        :resource_exception_message,
-        :resource_failed?,
-        :resource_skipped?,
-        :respond_to?,
-        :send,
-        :should,
-        :should_not,
-        :singleton_class,
-        :singleton_method,
-        :singleton_methods,
-        :skip_resource,
-        :taint,
-        :tainted?,
-        :tap,
-        :then,
-        :to_enum,
-        :to_json,
-        :to_s,
-        :to_yaml,
-        :trust,
-        :untaint,
-        :untrust,
-        :untrusted?,
-        :yield_self
-      ].freeze
+      REMOVED_COMMON_PROPERTIES = %i{
+        !
+        !=
+        !~
+        <=>
+        ==
+        ===
+        =~
+        __binding__
+        __id__
+        __send__
+        check_supports
+        class
+        clone
+        dclone
+        define_singleton_method
+        display
+        dup
+        enum_for
+        eql?
+        equal?
+        extend
+        fail_resource
+        freeze
+        frozen?
+        hash
+        inspec
+        inspect
+        instance_eval
+        instance_exec
+        instance_of?
+        instance_variable_defined?
+        instance_variable_get
+        instance_variable_set
+        instance_variables
+        is_a?
+        itself
+        kind_of?
+        method
+        methods
+        nil?
+        object_id
+        pretty_inspect
+        pretty_print
+        pretty_print_cycle
+        pretty_print_inspect
+        pretty_print_instance_variables
+        private_methods
+        protected_methods
+        pry
+        public_method
+        public_methods
+        public_send
+        remove_instance_variable
+        resource_exception_message
+        resource_failed?
+        resource_skipped?
+        respond_to?
+        send
+        should
+        should_not
+        singleton_class
+        singleton_method
+        singleton_methods
+        skip_resource
+        taint
+        tainted?
+        tap
+        then
+        to_enum
+        to_json
+        to_s
+        to_yaml
+        trust
+        untaint
+        untrust
+        untrusted?
+        yield_self
+      }.freeze
 
       # properties are often dynamically generated, making it hard to determine
       # their existence without instantiating them. Because of this, we will
@@ -137,23 +159,26 @@ module InspecPlugins
         # :id, #disabled for GCP
         # :ip_version, # documented but undefined
         # :network, # documented but undefined
-        # :subnetwork, # documented but undefined
         :addons_config,
-        :address_type,
         :address,
+        :address_type,
         :aggregation_alignment_period,
         :aggregation_cross_series_reducer,
         :aggregation_per_series_aligner,
         :allowed,
         :archive_size_bytes,
         :auto_create_subnetworks,
+        :availability_zone,
+        :availability_zones,
         :available_cpu_platforms,
+        :available_ip_address_count,
         :available_memory_mb,
         :backend_service,
         :backup_pool,
         :base_instance_name,
         :can_ip_forward,
         :check_interval_sec,
+        :cidr_block,
         :cluster_ipv4_cidr,
         :combiner,
         :common_instance_metadata,
@@ -161,11 +186,11 @@ module InspecPlugins
         :conditions,
         :config,
         :cpu_platform,
-        :create_time_date,
         :create_time,
+        :create_time_date,
         :creation_record,
-        :creation_timestamp_date,
         :creation_timestamp,
+        :creation_timestamp_date,
         :crypto_key_name,
         :crypto_key_url,
         :current_actions,
@@ -173,14 +198,15 @@ module InspecPlugins
         :current_node_count,
         :current_node_version,
         :custom_features,
-        :dataset_id,
         :dataset,
+        :dataset_id,
         :default_exempted_members,
         :default_service_account,
         :default_types,
         :deletion_protection,
         :description,
         :detailed_status,
+        :dhcp_options_id,
         :direction,
         :disabled,
         :disk_encryption_key,
@@ -189,13 +215,15 @@ module InspecPlugins
         :display_name,
         :dns_name,
         :dnssec_config,
-        :enabled_features,
+        :ebs_volumes,
         :enabled,
+        :enabled_features,
         :endpoint,
         :entry_point,
         :environment_variables,
         :etag,
         :expire_time,
+        :external_ports,
         :failover_ratio,
         :family,
         :filename,
@@ -203,6 +231,8 @@ module InspecPlugins
         :fingerprint,
         :friendly_name,
         :gateway_address,
+        :group_id,
+        :group_name,
         :guest_accelerators,
         :guest_os_features,
         :health_check,
@@ -210,70 +240,19 @@ module InspecPlugins
         :host,
         :ignored_files,
         :ike_version,
+        :image_id,
+        :inbound_rules,
+        :inbound_rules_count,
         :included_files,
         :included_permissions,
         :initial_cluster_version,
         :initial_node_count,
-        :instance_group_urls,
         :instance_group,
-        :instance_template,
-        :ip_address,
-        :ip_cidr_range,
-        :ip_protocol,
-        :ip_version,
-        :key_ring_name,
-        :key_ring_url,
-        :key_signing_key_algorithm,
-        :kind,
-        :kms_key_name,
-        :label_fingerprint,
-        :label_value_by_key,
-        :labels_keys,
-        :labels_values,
-        :labels,
-        :last_attach_timestamp,
-        :last_detach_timestamp,
-        :last_modified_time,
-        :legacy_abac,
-        :licenses,
-        :lifecycle_state,
-        :load_balancing_scheme,
-        :local_traffic_selector,
-        :location,
-        :logging_service,
-        :machine_type,
-        :managed_zone,
-        :management,
-        :master_auth,
-        :members,
-        :metadata_keys,
-        :metadata_value_by_key,
-        :metadata_values,
-        :metadata,
-        :min_cpu_platform,
-        :monitoring_service,
-        :mutation_record,
-        :name_servers,
-        :family,
-        :filename,
-        :filter,
-        :fingerprint,
-        :friendly_name,
-        :gateway_address,
-        :guest_accelerators,
-        :guest_os_features,
-        :health_check,
-        :healthy_threshold,
-        :host,
-        :ignored_files,
-        :ike_version,
-        :included_files,
-        :included_permissions,
-        :initial_cluster_version,
-        :initial_node_count,
         :instance_group_urls,
-        :instance_group,
+        :instance_ids,
         :instance_template,
+        :instance_tenancy,
+        :internal_ports,
         :ip_address,
         :ip_cidr_range,
         :ip_protocol,
@@ -285,12 +264,13 @@ module InspecPlugins
         :kms_key_name,
         :label_fingerprint,
         :label_value_by_key,
+        :labels,
         :labels_keys,
         :labels_values,
-        :labels,
         :last_attach_timestamp,
         :last_detach_timestamp,
         :last_modified_time,
+        :launch_time,
         :legacy_abac,
         :licenses,
         :lifecycle_state,
@@ -303,37 +283,39 @@ module InspecPlugins
         :management,
         :master_auth,
         :members,
+        :metadata,
         :metadata_keys,
         :metadata_value_by_key,
         :metadata_values,
-        :metadata,
         :min_cpu_platform,
         :monitoring_service,
         :mutation_record,
-        :name_servers,
         :name,
+        :name_servers,
         :named_ports,
-        :network_interfaces,
         :network,
+        :network_interfaces,
         :next_hop_gateway,
         :next_hop_instance,
         :next_hop_ip,
         :next_hop_network,
         :next_hop_vpn_tunnel,
-        :next_rotation_time_date,
         :next_rotation_time,
+        :next_rotation_time_date,
         :node_config,
         :node_ipv4_cidr_size,
         :node_pools,
         :num_bytes,
         :num_long_term_bytes,
         :num_rows,
+        :outbound_rules,
+        :outbound_rules_count,
         :output_version_format,
         :parent,
         :peer_ip,
         :physical_block_size_bytes,
-        :port_range,
         :port,
+        :port_range,
         :ports,
         :primary_create_time,
         :primary_create_time_date,
@@ -352,8 +334,8 @@ module InspecPlugins
         :quotas,
         :raw_disk,
         :raw_key,
-        :region_name,
         :region,
+        :region_name,
         :remote_traffic_selector,
         :request_path,
         :rotation_period,
@@ -361,45 +343,50 @@ module InspecPlugins
         :routing_config,
         :runtime,
         :scheduling,
+        :security_group_ids,
+        :security_groups,
         :self_link,
+        :service,
         :service_account_email,
         :service_accounts,
-        :service,
         :services_ipv4_cidr,
         :session_affinity,
         :sha256,
-        :shared_secret_hash,
         :shared_secret,
+        :shared_secret_hash,
         :size_gb,
         :source_archive_url,
         :source_disk,
+        :source_image,
         :source_image_encryption_key,
         :source_image_id,
-        :source_image,
         :source_ranges,
+        :source_snapshot,
         :source_snapshot_encryption_key,
         :source_snapshot_id,
-        :source_snapshot,
         :source_type,
         :source_upload_url,
         :ssl_certificates,
         :ssl_policy,
         :stage,
         :start_restricted,
+        :state,
         :status,
         :storage_bytes,
+        :subnet_id,
+        :subnet_ids,
         :subnetwork,
         :substitutions,
         :table_id,
         :table_reference,
         :tags,
+        :target,
         :target_pools,
         :target_size,
         :target_tags,
         :target_vpn_gateway,
-        :target,
-        :timeout_sec,
         :timeout,
+        :timeout_sec,
         :title,
         :ttl,
         :type,
@@ -407,21 +394,22 @@ module InspecPlugins
         :update_time,
         :url_map,
         :users,
-        :version_id,
         :version,
+        :version_id,
+        :vpc_id,
         :writer_identity,
         :xpn_project_status,
+        :zone,
         :zone_signing_key_algorithm,
-        :zone
       ].freeze
 
       # load the resource pack into InSpec::Resource.registry
       def self.load_resource_pack(resource_path)
         # find the libraries path in the resource pack
-        if resource_path.end_with?('libraries')
+        if resource_path.end_with?("libraries")
           libpath = resource_path
         else
-          libpath = resource_path+'/libraries'
+          libpath = resource_path + "/libraries"
         end
         $LOAD_PATH.push(libpath)
         # find all the classes in the libpath and require them
@@ -429,7 +417,7 @@ module InspecPlugins
         Dir.glob("#{libpath}/*.rb").each do |x|
           begin
             require(x)
-          rescue Exception =>e # rubocop:disable Lint/RescueException AWS is blowing up for some reason
+          rescue Exception => e # rubocop:disable Lint/RescueException AWS is blowing up for some reason
             puts e
           end
         end
@@ -442,11 +430,11 @@ module InspecPlugins
         inspec_properties = Inspec::Resource.registry[resource].instance_methods + ADDITIONAL_COMMON_PROPERTIES
         inspec_properties -= REMOVED_COMMON_PROPERTIES
         case platform
-        when 'aws'
+        when "aws"
           inspec_properties -= InspecPlugins::Iggy::Platforms::AwsHelper::AWS_REMOVED_PROPERTIES[resource] unless InspecPlugins::Iggy::Platforms::AwsHelper::AWS_REMOVED_PROPERTIES[resource].nil?
-        when 'azure'
+        when "azure"
           inspec_properties -= InspecPlugins::Iggy::Platforms::AzureHelper::AZURE_REMOVED_PROPERTIES[resource] unless InspecPlugins::Iggy::Platforms::AzureHelper::AZURE_REMOVED_PROPERTIES[resource].nil?
-        when 'gcp'
+        when "gcp"
           inspec_properties -= InspecPlugins::Iggy::Platforms::GcpHelper::GCP_REMOVED_PROPERTIES[resource] unless InspecPlugins::Iggy::Platforms::GcpHelper::GCP_REMOVED_PROPERTIES[resource].nil?
         end
         # get InSpec properties by method names
@@ -459,7 +447,7 @@ module InspecPlugins
       def self.tf_controls(title, generated_controls, platform)
         content = "title \"#{title}: generated by Iggy v#{Iggy::VERSION}\"\n"
 
-        content += InspecPlugins::Iggy::Platforms::AwsHelper.tf_controls if platform.eql?('aws')
+        content += InspecPlugins::Iggy::Platforms::AwsHelper.tf_controls if platform.eql?("aws")
 
         # write all controls
         generated_controls.flatten.each do |control|