inspec 1.51.25 → 2.0.16
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rubocop.yml +1 -1
- data/CHANGELOG.md +24 -19
- data/Gemfile +3 -1
- data/LICENSE +0 -0
- data/MAINTAINERS.md +0 -0
- data/MAINTAINERS.toml +0 -0
- data/README.md +22 -3
- data/Rakefile +117 -0
- data/docs/.gitignore +0 -0
- data/docs/README.md +0 -0
- data/docs/dsl_inspec.md +0 -0
- data/docs/dsl_resource.md +0 -0
- data/docs/glossary.md +0 -0
- data/docs/habitat.md +0 -0
- data/docs/inspec_and_friends.md +0 -0
- data/docs/matchers.md +0 -0
- data/docs/migration.md +0 -0
- data/docs/platforms.md +119 -0
- data/docs/plugin_kitchen_inspec.md +0 -0
- data/docs/profiles.md +0 -0
- data/docs/reporters.md +0 -0
- data/docs/resources/aide_conf.md.erb +6 -8
- data/docs/resources/apache.md.erb +2 -1
- data/docs/resources/apache_conf.md.erb +2 -1
- data/docs/resources/apt.md.erb +2 -1
- data/docs/resources/audit_policy.md.erb +3 -2
- data/docs/resources/auditd.md.erb +2 -1
- data/docs/resources/auditd_conf.md.erb +3 -3
- data/docs/resources/aws_cloudtrail_trail.md.erb +140 -0
- data/docs/resources/aws_cloudtrail_trails.md.erb +81 -0
- data/docs/resources/aws_cloudwatch_alarm.md.erb +86 -0
- data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +151 -0
- data/docs/resources/aws_ec2_instance.md.erb +106 -0
- data/docs/resources/aws_iam_access_key.md.erb +123 -0
- data/docs/resources/aws_iam_access_keys.md.erb +198 -0
- data/docs/resources/aws_iam_group.md.erb +46 -0
- data/docs/resources/aws_iam_groups.md.erb +43 -0
- data/docs/resources/aws_iam_password_policy.md.erb +76 -0
- data/docs/resources/aws_iam_policies.md.erb +82 -0
- data/docs/resources/aws_iam_policy.md.erb +146 -0
- data/docs/resources/aws_iam_role.md.erb +65 -0
- data/docs/resources/aws_iam_root_user.md.erb +58 -0
- data/docs/resources/aws_iam_user.md.erb +64 -0
- data/docs/resources/aws_iam_users.md.erb +90 -0
- data/docs/resources/aws_kms_keys.md.erb +84 -0
- data/docs/resources/aws_route_table.md.erb +47 -0
- data/docs/resources/aws_s3_bucket.md.erb +134 -0
- data/docs/resources/aws_security_group.md.erb +152 -0
- data/docs/resources/aws_security_groups.md.erb +92 -0
- data/docs/resources/aws_sns_topic.md.erb +63 -0
- data/docs/resources/aws_subnet.md.erb +134 -0
- data/docs/resources/aws_subnets.md.erb +126 -0
- data/docs/resources/aws_vpc.md.erb +120 -0
- data/docs/resources/aws_vpcs.md.erb +48 -0
- data/docs/resources/azure_generic_resource.md.erb +140 -0
- data/docs/resources/azure_resource_group.md.erb +284 -0
- data/docs/resources/azure_virtual_machine.md.erb +314 -0
- data/docs/resources/azure_virtual_machine_data_disk.md.erb +182 -0
- data/docs/resources/bash.md.erb +2 -1
- data/docs/resources/bond.md.erb +2 -1
- data/docs/resources/bridge.md.erb +5 -2
- data/docs/resources/bsd_service.md.erb +3 -1
- data/docs/resources/command.md.erb +2 -1
- data/docs/resources/cpan.md.erb +4 -3
- data/docs/resources/cran.md.erb +2 -1
- data/docs/resources/crontab.md.erb +2 -1
- data/docs/resources/csv.md.erb +2 -1
- data/docs/resources/dh_params.md.erb +2 -1
- data/docs/resources/directory.md.erb +4 -2
- data/docs/resources/docker.md.erb +2 -1
- data/docs/resources/docker_container.md.erb +5 -2
- data/docs/resources/docker_image.md.erb +2 -1
- data/docs/resources/docker_service.md.erb +2 -1
- data/docs/resources/elasticsearch.md.erb +12 -1
- data/docs/resources/etc_fstab.md.erb +2 -1
- data/docs/resources/etc_group.md.erb +2 -1
- data/docs/resources/etc_hosts.md.erb +4 -1
- data/docs/resources/etc_hosts_allow.md.erb +2 -1
- data/docs/resources/etc_hosts_deny.md.erb +2 -1
- data/docs/resources/file.md.erb +6 -3
- data/docs/resources/filesystem.md.erb +2 -1
- data/docs/resources/firewalld.md.erb +4 -3
- data/docs/resources/gem.md.erb +2 -1
- data/docs/resources/group.md.erb +2 -1
- data/docs/resources/grub_conf.md.erb +2 -2
- data/docs/resources/host.md.erb +2 -1
- data/docs/resources/http.md.erb +4 -7
- data/docs/resources/iis_app.md.erb +3 -1
- data/docs/resources/iis_site.md.erb +4 -1
- data/docs/resources/inetd_conf.md.erb +2 -3
- data/docs/resources/ini.md.erb +6 -2
- data/docs/resources/interface.md.erb +5 -2
- data/docs/resources/iptables.md.erb +2 -1
- data/docs/resources/json.md.erb +2 -1
- data/docs/resources/kernel_module.md.erb +2 -1
- data/docs/resources/kernel_parameter.md.erb +3 -3
- data/docs/resources/key_rsa.md.erb +5 -3
- data/docs/resources/launchd_service.md.erb +2 -1
- data/docs/resources/limits_conf.md.erb +4 -2
- data/docs/resources/login_def.md.erb +2 -2
- data/docs/resources/mount.md.erb +2 -1
- data/docs/resources/mssql_session.md.erb +2 -1
- data/docs/resources/mysql_conf.md.erb +2 -1
- data/docs/resources/mysql_session.md.erb +2 -1
- data/docs/resources/nginx.md.erb +1 -0
- data/docs/resources/nginx_conf.md.erb +2 -1
- data/docs/resources/npm.md.erb +2 -1
- data/docs/resources/ntp_conf.md.erb +2 -1
- data/docs/resources/oneget.md.erb +2 -1
- data/docs/resources/oracledb_session.md.erb +2 -1
- data/docs/resources/os.md.erb +4 -3
- data/docs/resources/os_env.md.erb +2 -1
- data/docs/resources/package.md.erb +3 -2
- data/docs/resources/packages.md.erb +2 -1
- data/docs/resources/parse_config.md.erb +2 -1
- data/docs/resources/parse_config_file.md.erb +3 -2
- data/docs/resources/passwd.md.erb +2 -1
- data/docs/resources/pip.md.erb +2 -1
- data/docs/resources/port.md.erb +2 -1
- data/docs/resources/postgres_conf.md.erb +2 -1
- data/docs/resources/postgres_hba_conf.md.erb +2 -1
- data/docs/resources/postgres_ident_conf.md.erb +2 -1
- data/docs/resources/postgres_session.md.erb +2 -1
- data/docs/resources/powershell.md.erb +2 -1
- data/docs/resources/processes.md.erb +3 -1
- data/docs/resources/rabbitmq_config.md.erb +2 -1
- data/docs/resources/registry_key.md.erb +2 -1
- data/docs/resources/runit_service.md.erb +2 -1
- data/docs/resources/security_policy.md.erb +2 -1
- data/docs/resources/service.md.erb +2 -1
- data/docs/resources/shadow.md.erb +2 -1
- data/docs/resources/ssh_config.md.erb +2 -1
- data/docs/resources/sshd_config.md.erb +2 -1
- data/docs/resources/ssl.md.erb +2 -1
- data/docs/resources/sys_info.md.erb +2 -1
- data/docs/resources/systemd_service.md.erb +2 -1
- data/docs/resources/sysv_service.md.erb +2 -1
- data/docs/resources/upstart_service.md.erb +2 -1
- data/docs/resources/user.md.erb +3 -1
- data/docs/resources/users.md.erb +2 -1
- data/docs/resources/vbscript.md.erb +2 -1
- data/docs/resources/virtualization.md.erb +2 -1
- data/docs/resources/windows_feature.md.erb +2 -1
- data/docs/resources/windows_hotfix.md.erb +2 -1
- data/docs/resources/windows_task.md.erb +49 -43
- data/docs/resources/wmi.md.erb +2 -1
- data/docs/resources/x509_certificate.md.erb +1 -0
- data/docs/resources/xinetd_conf.md.erb +2 -1
- data/docs/resources/xml.md.erb +2 -1
- data/docs/resources/yaml.md.erb +2 -1
- data/docs/resources/yum.md.erb +2 -1
- data/docs/resources/zfs_dataset.md.erb +2 -1
- data/docs/resources/zfs_pool.md.erb +2 -1
- data/docs/ruby_usage.md +0 -0
- data/docs/shared/matcher_be.md.erb +0 -0
- data/docs/shared/matcher_cmp.md.erb +0 -0
- data/docs/shared/matcher_eq.md.erb +0 -0
- data/docs/shared/matcher_include.md.erb +0 -0
- data/docs/shared/matcher_match.md.erb +0 -0
- data/docs/shell.md +0 -0
- data/examples/README.md +0 -0
- data/examples/inheritance/README.md +0 -0
- data/examples/inheritance/controls/example.rb +0 -0
- data/examples/inheritance/inspec.yml +0 -0
- data/examples/kitchen-ansible/.kitchen.yml +0 -0
- data/examples/kitchen-ansible/Gemfile +0 -0
- data/examples/kitchen-ansible/README.md +0 -0
- data/examples/kitchen-ansible/files/nginx.repo +0 -0
- data/examples/kitchen-ansible/tasks/main.yml +0 -0
- data/examples/kitchen-ansible/test/integration/default/default.yml +0 -0
- data/examples/kitchen-ansible/test/integration/default/web_spec.rb +0 -0
- data/examples/kitchen-chef/.kitchen.yml +0 -0
- data/examples/kitchen-chef/Berksfile +0 -0
- data/examples/kitchen-chef/Gemfile +0 -0
- data/examples/kitchen-chef/README.md +0 -0
- data/examples/kitchen-chef/metadata.rb +0 -0
- data/examples/kitchen-chef/recipes/default.rb +0 -0
- data/examples/kitchen-chef/recipes/nginx.rb +0 -0
- data/examples/kitchen-chef/test/integration/default/web_spec.rb +0 -0
- data/examples/kitchen-puppet/.kitchen.yml +0 -0
- data/examples/kitchen-puppet/Gemfile +0 -0
- data/examples/kitchen-puppet/Puppetfile +0 -0
- data/examples/kitchen-puppet/README.md +0 -0
- data/examples/kitchen-puppet/manifests/site.pp +0 -0
- data/examples/kitchen-puppet/metadata.json +0 -0
- data/examples/kitchen-puppet/test/integration/default/web_spec.rb +0 -0
- data/examples/meta-profile/README.md +0 -0
- data/examples/meta-profile/controls/example.rb +0 -0
- data/examples/meta-profile/inspec.yml +0 -0
- data/examples/profile-attribute.yml +0 -0
- data/examples/profile-attribute/README.md +0 -0
- data/examples/profile-attribute/controls/example.rb +0 -0
- data/examples/profile-attribute/inspec.yml +0 -0
- data/examples/profile-aws/controls/iam_password_policy_expiration.rb +8 -0
- data/examples/profile-aws/controls/iam_password_policy_max_age.rb +8 -0
- data/examples/profile-aws/controls/iam_root_user_mfa.rb +8 -0
- data/examples/profile-aws/controls/iam_users_access_key_age.rb +8 -0
- data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +8 -0
- data/examples/profile-aws/inspec.yml +11 -0
- data/examples/profile-azure/controls/azure_resource_group_example.rb +24 -0
- data/examples/profile-azure/controls/azure_vm_example.rb +29 -0
- data/examples/profile-azure/inspec.yml +11 -0
- data/examples/profile-sensitive/README.md +0 -0
- data/examples/profile-sensitive/controls/sensitive-failures.rb +0 -0
- data/examples/profile-sensitive/controls/sensitive.rb +0 -0
- data/examples/profile-sensitive/inspec.yml +0 -0
- data/examples/profile/README.md +0 -0
- data/examples/profile/controls/example.rb +0 -0
- data/examples/profile/controls/gordon.rb +0 -0
- data/examples/profile/controls/meta.rb +0 -0
- data/examples/profile/inspec.yml +0 -0
- data/examples/profile/libraries/gordon_config.rb +0 -0
- data/inspec.gemspec +1 -1
- data/lib/bundles/README.md +0 -0
- data/lib/bundles/inspec-artifact.rb +0 -0
- data/lib/bundles/inspec-artifact/README.md +0 -0
- data/lib/bundles/inspec-artifact/cli.rb +0 -0
- data/lib/bundles/inspec-compliance.rb +0 -0
- data/lib/bundles/inspec-compliance/.kitchen.yml +0 -0
- data/lib/bundles/inspec-compliance/README.md +0 -0
- data/lib/bundles/inspec-compliance/api/login.rb +0 -0
- data/lib/bundles/inspec-compliance/bootstrap.sh +0 -0
- data/lib/bundles/inspec-compliance/cli.rb +12 -35
- data/lib/bundles/inspec-compliance/configuration.rb +0 -0
- data/lib/bundles/inspec-compliance/http.rb +0 -0
- data/lib/bundles/inspec-compliance/images/cc-token.png +0 -0
- data/lib/bundles/inspec-compliance/support.rb +0 -0
- data/lib/bundles/inspec-compliance/target.rb +0 -0
- data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +0 -0
- data/lib/bundles/inspec-habitat.rb +0 -0
- data/lib/bundles/inspec-habitat/cli.rb +0 -0
- data/lib/bundles/inspec-habitat/log.rb +0 -0
- data/lib/bundles/inspec-habitat/profile.rb +0 -0
- data/lib/bundles/inspec-init.rb +0 -0
- data/lib/bundles/inspec-init/README.md +0 -0
- data/lib/bundles/inspec-init/cli.rb +0 -0
- data/lib/bundles/inspec-init/templates/profile/README.md +0 -0
- data/lib/bundles/inspec-init/templates/profile/controls/example.rb +1 -1
- data/lib/bundles/inspec-init/templates/profile/inspec.yml +0 -0
- data/lib/bundles/inspec-init/templates/profile/libraries/.gitkeep +0 -0
- data/lib/bundles/inspec-supermarket.rb +0 -0
- data/lib/bundles/inspec-supermarket/README.md +0 -0
- data/lib/bundles/inspec-supermarket/api.rb +0 -0
- data/lib/bundles/inspec-supermarket/cli.rb +11 -3
- data/lib/bundles/inspec-supermarket/target.rb +0 -0
- data/lib/fetchers/git.rb +0 -0
- data/lib/fetchers/local.rb +0 -0
- data/lib/fetchers/mock.rb +0 -0
- data/lib/fetchers/url.rb +0 -0
- data/lib/inspec.rb +0 -0
- data/lib/inspec/archive/tar.rb +0 -0
- data/lib/inspec/archive/zip.rb +0 -0
- data/lib/inspec/backend.rb +0 -0
- data/lib/inspec/base_cli.rb +2 -4
- data/lib/inspec/cached_fetcher.rb +0 -0
- data/lib/inspec/cli.rb +15 -11
- data/lib/inspec/completions/bash.sh.erb +0 -0
- data/lib/inspec/completions/fish.sh.erb +0 -0
- data/lib/inspec/completions/zsh.sh.erb +0 -0
- data/lib/inspec/control_eval_context.rb +0 -0
- data/lib/inspec/dependencies/cache.rb +0 -0
- data/lib/inspec/dependencies/dependency_set.rb +0 -0
- data/lib/inspec/dependencies/lockfile.rb +0 -0
- data/lib/inspec/dependencies/requirement.rb +0 -0
- data/lib/inspec/dependencies/resolver.rb +0 -0
- data/lib/inspec/describe.rb +0 -0
- data/lib/inspec/dsl.rb +0 -0
- data/lib/inspec/dsl_shared.rb +0 -0
- data/lib/inspec/env_printer.rb +0 -0
- data/lib/inspec/errors.rb +0 -0
- data/lib/inspec/exceptions.rb +0 -0
- data/lib/inspec/expect.rb +0 -0
- data/lib/inspec/fetcher.rb +0 -0
- data/lib/inspec/file_provider.rb +0 -0
- data/lib/inspec/formatters.rb +0 -0
- data/lib/inspec/formatters/base.rb +43 -1
- data/lib/inspec/formatters/json_rspec.rb +0 -0
- data/lib/inspec/formatters/show_progress.rb +0 -0
- data/lib/inspec/library_eval_context.rb +0 -0
- data/lib/inspec/log.rb +0 -0
- data/lib/inspec/metadata.rb +3 -9
- data/lib/inspec/method_source.rb +0 -0
- data/lib/inspec/objects.rb +0 -0
- data/lib/inspec/objects/attribute.rb +0 -0
- data/lib/inspec/objects/control.rb +0 -0
- data/lib/inspec/objects/describe.rb +0 -0
- data/lib/inspec/objects/each_loop.rb +0 -0
- data/lib/inspec/objects/list.rb +0 -0
- data/lib/inspec/objects/or_test.rb +0 -0
- data/lib/inspec/objects/ruby_helper.rb +0 -0
- data/lib/inspec/objects/tag.rb +0 -0
- data/lib/inspec/objects/test.rb +0 -0
- data/lib/inspec/objects/value.rb +0 -0
- data/lib/inspec/plugins.rb +0 -0
- data/lib/inspec/plugins/cli.rb +0 -0
- data/lib/inspec/plugins/fetcher.rb +0 -0
- data/lib/inspec/plugins/resource.rb +10 -9
- data/lib/inspec/plugins/secret.rb +0 -0
- data/lib/inspec/plugins/source_reader.rb +0 -0
- data/lib/inspec/polyfill.rb +0 -0
- data/lib/inspec/profile.rb +0 -0
- data/lib/inspec/profile_context.rb +0 -0
- data/lib/inspec/profile_vendor.rb +0 -0
- data/lib/inspec/reporters.rb +0 -0
- data/lib/inspec/reporters/base.rb +0 -0
- data/lib/inspec/reporters/cli.rb +12 -51
- data/lib/inspec/reporters/json.rb +3 -26
- data/lib/inspec/reporters/json_min.rb +0 -0
- data/lib/inspec/reporters/junit.rb +0 -0
- data/lib/inspec/require_loader.rb +0 -0
- data/lib/inspec/resource.rb +11 -1
- data/lib/inspec/rule.rb +0 -0
- data/lib/inspec/runner.rb +10 -8
- data/lib/inspec/runner_mock.rb +0 -0
- data/lib/inspec/runner_rspec.rb +18 -2
- data/lib/inspec/runtime_profile.rb +0 -0
- data/lib/inspec/schema.rb +25 -4
- data/lib/inspec/secrets.rb +0 -0
- data/lib/inspec/secrets/yaml.rb +0 -0
- data/lib/inspec/shell.rb +0 -0
- data/lib/inspec/shell_detector.rb +0 -0
- data/lib/inspec/source_reader.rb +0 -0
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +1 -59
- data/lib/resource_support/aws.rb +40 -0
- data/lib/resource_support/aws/aws_backend_base.rb +12 -0
- data/lib/resource_support/aws/aws_backend_factory_mixin.rb +12 -0
- data/lib/resource_support/aws/aws_plural_resource_mixin.rb +21 -0
- data/lib/resource_support/aws/aws_resource_mixin.rb +66 -0
- data/lib/resource_support/aws/aws_singular_resource_mixin.rb +24 -0
- data/lib/resources/aide_conf.rb +1 -1
- data/lib/resources/apache.rb +1 -2
- data/lib/resources/apache_conf.rb +2 -4
- data/lib/resources/apt.rb +1 -2
- data/lib/resources/audit_policy.rb +1 -2
- data/lib/resources/auditd.rb +1 -3
- data/lib/resources/auditd_conf.rb +1 -2
- data/lib/resources/aws/aws_cloudtrail_trail.rb +77 -0
- data/lib/resources/aws/aws_cloudtrail_trails.rb +47 -0
- data/lib/resources/aws/aws_cloudwatch_alarm.rb +62 -0
- data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +100 -0
- data/lib/resources/aws/aws_ec2_instance.rb +157 -0
- data/lib/resources/aws/aws_iam_access_key.rb +106 -0
- data/lib/resources/aws/aws_iam_access_keys.rb +144 -0
- data/lib/resources/aws/aws_iam_group.rb +56 -0
- data/lib/resources/aws/aws_iam_groups.rb +45 -0
- data/lib/resources/aws/aws_iam_password_policy.rb +116 -0
- data/lib/resources/aws/aws_iam_policies.rb +46 -0
- data/lib/resources/aws/aws_iam_policy.rb +119 -0
- data/lib/resources/aws/aws_iam_role.rb +51 -0
- data/lib/resources/aws/aws_iam_root_user.rb +60 -0
- data/lib/resources/aws/aws_iam_user.rb +111 -0
- data/lib/resources/aws/aws_iam_users.rb +96 -0
- data/lib/resources/aws/aws_kms_keys.rb +46 -0
- data/lib/resources/aws/aws_route_table.rb +61 -0
- data/lib/resources/aws/aws_s3_bucket.rb +115 -0
- data/lib/resources/aws/aws_security_group.rb +93 -0
- data/lib/resources/aws/aws_security_groups.rb +68 -0
- data/lib/resources/aws/aws_sns_topic.rb +53 -0
- data/lib/resources/aws/aws_subnet.rb +88 -0
- data/lib/resources/aws/aws_subnets.rb +53 -0
- data/lib/resources/aws/aws_vpc.rb +69 -0
- data/lib/resources/aws/aws_vpcs.rb +45 -0
- data/lib/resources/azure/azure_backend.rb +377 -0
- data/lib/resources/azure/azure_generic_resource.rb +59 -0
- data/lib/resources/azure/azure_resource_group.rb +152 -0
- data/lib/resources/azure/azure_virtual_machine.rb +264 -0
- data/lib/resources/azure/azure_virtual_machine_data_disk.rb +136 -0
- data/lib/resources/bash.rb +1 -2
- data/lib/resources/bond.rb +1 -2
- data/lib/resources/bridge.rb +1 -2
- data/lib/resources/command.rb +2 -2
- data/lib/resources/cpan.rb +1 -3
- data/lib/resources/cran.rb +1 -3
- data/lib/resources/crontab.rb +1 -0
- data/lib/resources/csv.rb +4 -2
- data/lib/resources/dh_params.rb +1 -2
- data/lib/resources/directory.rb +2 -2
- data/lib/resources/docker.rb +1 -4
- data/lib/resources/docker_container.rb +1 -4
- data/lib/resources/docker_image.rb +1 -4
- data/lib/resources/docker_object.rb +0 -0
- data/lib/resources/docker_service.rb +1 -5
- data/lib/resources/elasticsearch.rb +1 -0
- data/lib/resources/etc_fstab.rb +1 -1
- data/lib/resources/etc_group.rb +1 -2
- data/lib/resources/etc_hosts.rb +1 -1
- data/lib/resources/etc_hosts_allow_deny.rb +2 -1
- data/lib/resources/file.rb +2 -2
- data/lib/resources/filesystem.rb +1 -1
- data/lib/resources/firewalld.rb +1 -1
- data/lib/resources/gem.rb +2 -3
- data/lib/resources/groups.rb +4 -2
- data/lib/resources/grub_conf.rb +1 -1
- data/lib/resources/host.rb +2 -2
- data/lib/resources/http.rb +20 -22
- data/lib/resources/iis_app.rb +1 -0
- data/lib/resources/iis_site.rb +1 -0
- data/lib/resources/inetd_conf.rb +1 -2
- data/lib/resources/ini.rb +2 -2
- data/lib/resources/interface.rb +2 -3
- data/lib/resources/iptables.rb +1 -2
- data/lib/resources/json.rb +4 -2
- data/lib/resources/kernel_module.rb +1 -4
- data/lib/resources/kernel_parameter.rb +1 -1
- data/lib/resources/key_rsa.rb +2 -2
- data/lib/resources/limits_conf.rb +1 -2
- data/lib/resources/login_def.rb +1 -2
- data/lib/resources/mount.rb +1 -3
- data/lib/resources/mssql_session.rb +1 -3
- data/lib/resources/mysql.rb +1 -2
- data/lib/resources/mysql_conf.rb +2 -1
- data/lib/resources/mysql_session.rb +2 -3
- data/lib/resources/nginx.rb +1 -2
- data/lib/resources/nginx_conf.rb +1 -2
- data/lib/resources/npm.rb +2 -2
- data/lib/resources/ntp_conf.rb +1 -2
- data/lib/resources/oneget.rb +1 -2
- data/lib/resources/oracledb_session.rb +2 -3
- data/lib/resources/os.rb +2 -12
- data/lib/resources/os_env.rb +2 -2
- data/lib/resources/package.rb +2 -2
- data/lib/resources/packages.rb +1 -2
- data/lib/resources/parse_config.rb +2 -2
- data/lib/resources/passwd.rb +1 -23
- data/lib/resources/pip.rb +2 -2
- data/lib/resources/platform.rb +19 -22
- data/lib/resources/port.rb +2 -2
- data/lib/resources/postgres.rb +1 -3
- data/lib/resources/postgres_conf.rb +2 -3
- data/lib/resources/postgres_hba_conf.rb +1 -2
- data/lib/resources/postgres_ident_conf.rb +1 -2
- data/lib/resources/postgres_session.rb +2 -3
- data/lib/resources/powershell.rb +1 -2
- data/lib/resources/processes.rb +2 -2
- data/lib/resources/rabbitmq_conf.rb +1 -2
- data/lib/resources/registry_key.rb +1 -1
- data/lib/resources/security_policy.rb +1 -2
- data/lib/resources/service.rb +8 -3
- data/lib/resources/shadow.rb +1 -2
- data/lib/resources/ssh_conf.rb +2 -2
- data/lib/resources/ssl.rb +2 -2
- data/lib/resources/sys_info.rb +2 -0
- data/lib/resources/toml.rb +0 -0
- data/lib/resources/users.rb +4 -2
- data/lib/resources/vbscript.rb +1 -2
- data/lib/resources/virtualization.rb +1 -1
- data/lib/resources/windows_feature.rb +1 -2
- data/lib/resources/windows_hotfix.rb +1 -1
- data/lib/resources/windows_task.rb +1 -2
- data/lib/resources/wmi.rb +1 -2
- data/lib/resources/x509_certificate.rb +2 -2
- data/lib/resources/xinetd.rb +1 -2
- data/lib/resources/xml.rb +2 -1
- data/lib/resources/yaml.rb +4 -2
- data/lib/resources/yum.rb +1 -2
- data/lib/resources/zfs_dataset.rb +1 -1
- data/lib/resources/zfs_pool.rb +1 -1
- data/lib/source_readers/flat.rb +0 -0
- data/lib/source_readers/inspec.rb +0 -0
- data/lib/utils/command_wrapper.rb +0 -0
- data/lib/utils/convert.rb +0 -0
- data/lib/utils/database_helpers.rb +0 -0
- data/lib/utils/erlang_parser.rb +0 -0
- data/lib/utils/filter.rb +0 -0
- data/lib/utils/filter_array.rb +0 -0
- data/lib/utils/find_files.rb +0 -0
- data/lib/utils/hash.rb +0 -0
- data/lib/utils/json_log.rb +0 -0
- data/lib/utils/latest_version.rb +0 -0
- data/lib/utils/modulator.rb +0 -0
- data/lib/utils/nginx_parser.rb +0 -0
- data/lib/utils/object_traversal.rb +0 -0
- data/lib/utils/parser.rb +0 -0
- data/lib/utils/plugin_registry.rb +0 -0
- data/lib/utils/simpleconfig.rb +0 -12
- data/lib/utils/spdx.rb +0 -0
- data/lib/utils/spdx.txt +0 -0
- metadata +81 -6
- data/docs/resources/auditd_rules.md.erb +0 -116
- data/lib/resources/auditd_rules.rb +0 -205
|
File without changes
|
data/docs/profiles.md
CHANGED
|
File without changes
|
data/docs/reporters.md
CHANGED
|
File without changes
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
---
|
|
2
2
|
title: The aide_conf Resource
|
|
3
|
+
platform: linux
|
|
3
4
|
---
|
|
4
5
|
|
|
5
6
|
# aide_conf
|
|
@@ -38,9 +39,11 @@ Use the where clause to match a selection_line to one rule or a particular set o
|
|
|
38
39
|
|
|
39
40
|
* `conf_path`, `content`, `rules`, `all_have_rule`
|
|
40
41
|
|
|
42
|
+
<br>
|
|
43
|
+
|
|
41
44
|
## Property Examples
|
|
42
45
|
|
|
43
|
-
The following examples show how to use this InSpec audit resource.
|
|
46
|
+
The following examples show how to use this InSpec audit resource.
|
|
44
47
|
|
|
45
48
|
### Test if all selection lines contain the xattr rule
|
|
46
49
|
|
|
@@ -65,14 +68,9 @@ The following examples show how to use this InSpec audit resource.
|
|
|
65
68
|
describe aide_conf.all_have_rule('sha512') do
|
|
66
69
|
it { should eq true }
|
|
67
70
|
end
|
|
68
|
-
|
|
71
|
+
|
|
69
72
|
<br>
|
|
70
73
|
|
|
71
74
|
## Matchers
|
|
72
75
|
|
|
73
|
-
For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
|
74
|
-
This InSpec audit resource uses the matchers `eq` and `include`.
|
|
75
|
-
|
|
76
|
-
For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
|
77
|
-
|
|
78
|
-
|
|
76
|
+
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
---
|
|
2
2
|
title: About the apache Resource
|
|
3
|
+
platform: linux
|
|
3
4
|
---
|
|
4
5
|
|
|
5
6
|
# apache
|
|
@@ -63,4 +64,4 @@ The following examples show how to use this InSpec audit resource.
|
|
|
63
64
|
|
|
64
65
|
## Matchers
|
|
65
66
|
|
|
66
|
-
For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
|
67
|
+
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
---
|
|
2
2
|
title: About the apache_conf Resource
|
|
3
|
+
platform: linux
|
|
3
4
|
---
|
|
4
5
|
|
|
5
6
|
# apache_conf
|
|
@@ -50,7 +51,7 @@ The following examples show how to use this InSpec audit resource.
|
|
|
50
51
|
|
|
51
52
|
## Matchers
|
|
52
53
|
|
|
53
|
-
For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
|
54
|
+
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
|
54
55
|
This InSpec audit resource matches any service that is listed in the Apache configuration file:
|
|
55
56
|
|
|
56
57
|
its('PidFile') { should_not eq '/var/run/httpd.pid' }
|
data/docs/resources/apt.md.erb
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
---
|
|
2
2
|
title: About the apt Resource
|
|
3
|
+
platform: linux
|
|
3
4
|
---
|
|
4
5
|
|
|
5
6
|
# apt
|
|
@@ -54,7 +55,7 @@ The following examples show how to use this InSpec audit resource.
|
|
|
54
55
|
|
|
55
56
|
## Matchers
|
|
56
57
|
|
|
57
|
-
For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
|
58
|
+
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
|
58
59
|
|
|
59
60
|
|
|
60
61
|
### be_enabled
|
|
@@ -1,10 +1,11 @@
|
|
|
1
1
|
---
|
|
2
2
|
title: About the audit_policy Resource
|
|
3
|
+
platform: linux
|
|
3
4
|
---
|
|
4
5
|
|
|
5
6
|
# audit_policy
|
|
6
7
|
|
|
7
|
-
Use the `audit_policy`
|
|
8
|
+
Use the `audit_policy` InSpec audit resource to test auditing policies on the Windows platform. An auditing policy is a category of security-related events to be audited. Auditing is disabled by default and may be enabled for categories like account management, logon events, policy changes, process tracking, privilege use, system events, or object access. For each enabled auditing category property, the auditing level may be set to `No Auditing`, `Not Specified`, `Success`, `Success and Failure`, or `Failure`.
|
|
8
9
|
|
|
9
10
|
<br>
|
|
10
11
|
|
|
@@ -43,4 +44,4 @@ The following examples show how to use this InSpec audit resource.
|
|
|
43
44
|
|
|
44
45
|
## Matchers
|
|
45
46
|
|
|
46
|
-
For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
|
47
|
+
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
---
|
|
2
2
|
title: About the auditd Resource
|
|
3
|
+
platform: linux
|
|
3
4
|
---
|
|
4
5
|
|
|
5
6
|
# auditd
|
|
@@ -75,4 +76,4 @@ The key filter may be useful in evaluating rules with particular key values:
|
|
|
75
76
|
|
|
76
77
|
## Matchers
|
|
77
78
|
|
|
78
|
-
For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
|
79
|
+
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
---
|
|
2
2
|
title: About the auditd_conf Resource
|
|
3
|
+
platform: linux
|
|
3
4
|
---
|
|
4
5
|
|
|
5
6
|
# auditd_conf
|
|
@@ -57,12 +58,11 @@ The following examples show how to use this InSpec audit resource.
|
|
|
57
58
|
|
|
58
59
|
## Matchers
|
|
59
60
|
|
|
60
|
-
For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
|
61
|
+
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
|
61
62
|
|
|
62
63
|
### `cmp`
|
|
63
64
|
|
|
64
|
-
The `cmp` matcher compares values across types.
|
|
65
|
+
The `cmp` matcher compares values across types.
|
|
65
66
|
|
|
66
67
|
its('freq') { should cmp 1 }
|
|
67
68
|
|
|
68
|
-
For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
|
@@ -0,0 +1,140 @@
|
|
|
1
|
+
---
|
|
2
|
+
title: About the aws_cloudtrail_trail Resource
|
|
3
|
+
platform: aws
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# aws\_cloudtrail\_trail
|
|
7
|
+
|
|
8
|
+
Use the `aws_cloudtrail_trail` InSpec audit resource to test properties of a single AWS Cloudtrail Trail.
|
|
9
|
+
|
|
10
|
+
AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting.
|
|
11
|
+
|
|
12
|
+
Each AWS Cloudtrail Trail is uniquely identified by its `trail_name` or `trail_arn`.
|
|
13
|
+
|
|
14
|
+
<br>
|
|
15
|
+
|
|
16
|
+
## Syntax
|
|
17
|
+
|
|
18
|
+
An `aws_cloudtrail_trail` resource block identifies a trail by `trail_name`.
|
|
19
|
+
|
|
20
|
+
# Find a trail by name
|
|
21
|
+
describe aws_cloudtrail_trail('trail-name') do
|
|
22
|
+
it { should exist }
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
# Hash syntax for trail name
|
|
26
|
+
describe aws_cloudtrail_trail(trail_name: 'trail-name') do
|
|
27
|
+
it { should exist }
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
<br>
|
|
31
|
+
|
|
32
|
+
## Examples
|
|
33
|
+
|
|
34
|
+
The following examples show how to use this InSpec audit resource.
|
|
35
|
+
|
|
36
|
+
### Test that the specified trail does exist
|
|
37
|
+
|
|
38
|
+
describe aws_cloudtrail_trail('trail-name') do
|
|
39
|
+
it { should exist }
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
### Test that the specified trail is encrypted using SSE-KMS
|
|
43
|
+
|
|
44
|
+
describe aws_cloudtrail_trail('trail-name') do
|
|
45
|
+
it { should be_encrypted }
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
### Test that the specified trail is a multi region trail
|
|
49
|
+
|
|
50
|
+
describe aws_cloudtrail_trail('trail-name') do
|
|
51
|
+
it { should be_multi_region_trail }
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
<br>
|
|
55
|
+
|
|
56
|
+
## Properties
|
|
57
|
+
|
|
58
|
+
* `s3_bucket_name`, `trail_arn`, `cloud_watch_logs_role_arn`, `cloud_watch_logs_log_group_arn`, `kms_key_id`, `home_region`,
|
|
59
|
+
|
|
60
|
+
<br>
|
|
61
|
+
|
|
62
|
+
## Property Examples
|
|
63
|
+
|
|
64
|
+
### s3\_bucket\_name
|
|
65
|
+
|
|
66
|
+
Specifies the name of the Amazon S3 bucket designated for publishing log files.
|
|
67
|
+
|
|
68
|
+
describe aws_cloudtrail_trail('trail-name') do
|
|
69
|
+
its('s3_bucket_name') { should cmp "s3-bucket-name" }
|
|
70
|
+
end
|
|
71
|
+
|
|
72
|
+
### trail\_arn
|
|
73
|
+
|
|
74
|
+
The ARN identifier of the specified trail. An ARN uniquely identifies the trail within AWS.
|
|
75
|
+
|
|
76
|
+
describe aws_cloudtrail_trail('trail-name') do
|
|
77
|
+
its('trail_arn') { should cmp "arn:aws:cloudtrail:us-east-1:484747447281:trail/trail-name" }
|
|
78
|
+
end
|
|
79
|
+
|
|
80
|
+
### cloud\_watch\_logs\_role\_arn
|
|
81
|
+
|
|
82
|
+
Specifies the role for the CloudWatch Logs endpoint to assume to write to a user\'s log group.
|
|
83
|
+
|
|
84
|
+
describe aws_cloudtrail_trail('trail-name') do
|
|
85
|
+
its('cloud_watch_logs_role_arn') { should include "arn:aws:iam:::role/CloudTrail_CloudWatchLogs_Role" }
|
|
86
|
+
end
|
|
87
|
+
|
|
88
|
+
### cloud\_watch\_logs\_log\_group\_arn
|
|
89
|
+
|
|
90
|
+
Specifies a log group name using an Amazon Resource Name (ARN), a unique identifier that represents the log group to which CloudTrail logs will be delivered.
|
|
91
|
+
|
|
92
|
+
describe aws_cloudtrail_trail('trail-name') do
|
|
93
|
+
its('cloud_watch_logs_log_group_arn') { should include "arn:aws:logs:us-east-1::log-group:test:*" }
|
|
94
|
+
end
|
|
95
|
+
|
|
96
|
+
### kms\_key\_id
|
|
97
|
+
|
|
98
|
+
Specifies the KMS key ID to used to encrypt the logs delivered by CloudTrail.
|
|
99
|
+
|
|
100
|
+
describe aws_cloudtrail_trail('trail-name') do
|
|
101
|
+
its('kms_key_id') { should include "key-arn" }
|
|
102
|
+
end
|
|
103
|
+
|
|
104
|
+
### home\_region
|
|
105
|
+
|
|
106
|
+
Specifies the region in which the trail was created.
|
|
107
|
+
|
|
108
|
+
describe aws_cloudtrail_trail('trail-name') do
|
|
109
|
+
its('home_region') { should include "us-east-1" }
|
|
110
|
+
end
|
|
111
|
+
|
|
112
|
+
<br>
|
|
113
|
+
|
|
114
|
+
## Matchers
|
|
115
|
+
|
|
116
|
+
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
|
117
|
+
|
|
118
|
+
### be\_multi\_region\_trail
|
|
119
|
+
|
|
120
|
+
The test will pass if the identified trail is a multi region trail.
|
|
121
|
+
|
|
122
|
+
describe aws_cloudtrail_trail('trail-name') do
|
|
123
|
+
it { should be_multi_region_trail }
|
|
124
|
+
end
|
|
125
|
+
|
|
126
|
+
### be\_encrypted
|
|
127
|
+
|
|
128
|
+
The test will pass if the logs delivered by the identified trail is encrypted.
|
|
129
|
+
|
|
130
|
+
describe aws_cloudtrail_trail('trail-name') do
|
|
131
|
+
it { should be_encrypted }
|
|
132
|
+
end
|
|
133
|
+
|
|
134
|
+
### be\_log\_file\_validation\_enabled
|
|
135
|
+
|
|
136
|
+
The test will pass if the identified trail has log file integrity validation is enabled.
|
|
137
|
+
|
|
138
|
+
describe aws_cloudtrail_trail('trail-name') do
|
|
139
|
+
it { should be_log_file_validation_enabled }
|
|
140
|
+
end
|
|
@@ -0,0 +1,81 @@
|
|
|
1
|
+
---
|
|
2
|
+
title: About the aws_cloudtrail_trails Resource
|
|
3
|
+
platform: aws
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# aws\_cloudtrail\_trails
|
|
7
|
+
|
|
8
|
+
Use the `aws_cloudtrail_trails` InSpec audit resource to test properties of some or all AWS CloudTrail Trails.
|
|
9
|
+
|
|
10
|
+
AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting.
|
|
11
|
+
|
|
12
|
+
Each AWS CloudTrail Trails is uniquely identified by its trail name or trail arn.
|
|
13
|
+
|
|
14
|
+
<br>
|
|
15
|
+
|
|
16
|
+
## Syntax
|
|
17
|
+
|
|
18
|
+
An `aws_cloudtrail_trails` resource block collects a group of CloudTrail Trails and then tests that group.
|
|
19
|
+
|
|
20
|
+
# Verify the number of CloudTrail Trails in the AWS account
|
|
21
|
+
describe aws_cloudtrail_trails do
|
|
22
|
+
its('entries.count') { should cmp 10 }
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
<br>
|
|
26
|
+
|
|
27
|
+
## Examples
|
|
28
|
+
|
|
29
|
+
The following examples show how to use this InSpec audit resource.
|
|
30
|
+
|
|
31
|
+
As this is the initial release of `aws_cloudtrail_trails`, its limited functionality precludes examples.
|
|
32
|
+
|
|
33
|
+
<br>
|
|
34
|
+
|
|
35
|
+
## Properties
|
|
36
|
+
* `entries`, `names`, `trail_arns`
|
|
37
|
+
|
|
38
|
+
<br>
|
|
39
|
+
|
|
40
|
+
## Property Examples
|
|
41
|
+
|
|
42
|
+
### entries
|
|
43
|
+
|
|
44
|
+
Provides access to the raw results of the query. This can be useful for checking counts and other advanced operations.
|
|
45
|
+
|
|
46
|
+
# Allow at most 100 CloudTrail Trails on the account
|
|
47
|
+
describe aws_cloudtrail_trails do
|
|
48
|
+
its('entries.count') { should be <= 100}
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
### names
|
|
52
|
+
|
|
53
|
+
Provides a list of trail names for all CloudTrail Trails in the AWS account.
|
|
54
|
+
|
|
55
|
+
describe aws_cloudtrail_trails do
|
|
56
|
+
its('names') { should include('trail-1') }
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
### trail\_arns
|
|
60
|
+
|
|
61
|
+
Provides a list of trail arns for all CloudTrail Trails in the AWS account.
|
|
62
|
+
|
|
63
|
+
describe aws_cloudtrail_trails do
|
|
64
|
+
its('trail_arns') { should include('arn:aws:cloudtrail:us-east-1::trail/trail-1') }
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
<br>
|
|
68
|
+
|
|
69
|
+
## Matchers
|
|
70
|
+
|
|
71
|
+
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
|
72
|
+
|
|
73
|
+
### exists
|
|
74
|
+
|
|
75
|
+
The control will pass if the filter returns at least one result. Use `should_not` if you expect zero matches.
|
|
76
|
+
|
|
77
|
+
# Verify that at least one CloudTrail Trail exists.
|
|
78
|
+
describe aws_cloudtrail_trails
|
|
79
|
+
it { should exist }
|
|
80
|
+
end
|
|
81
|
+
|
|
@@ -0,0 +1,86 @@
|
|
|
1
|
+
---
|
|
2
|
+
title: About the aws_cloudwatch_alarm Resource
|
|
3
|
+
platform: aws
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# aws\_cloudwatch\_alarm
|
|
7
|
+
|
|
8
|
+
Use the `aws_cloudwatch_alarm` InSpec audit resource to test properties of a single Cloudwatch Alarm.
|
|
9
|
+
|
|
10
|
+
Cloudwatch Alarms are currently identified using the metric name and metric namespace. Future work may allow other approaches to identifying alarms.
|
|
11
|
+
|
|
12
|
+
<br>
|
|
13
|
+
|
|
14
|
+
## Syntax
|
|
15
|
+
|
|
16
|
+
An `aws_cloudwatch_alarm` resource block searches for a Cloudwatch Alarm, specified by several search options. If more than one Alarm matches, an error occurs.
|
|
17
|
+
|
|
18
|
+
# Look for a specific alarm
|
|
19
|
+
aws_cloudwatch_alarm(
|
|
20
|
+
metric: 'my-metric-name',
|
|
21
|
+
metric_namespace: 'my-metric-namespace',
|
|
22
|
+
) do
|
|
23
|
+
it { should exist }
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
<br>
|
|
27
|
+
|
|
28
|
+
## Examples
|
|
29
|
+
|
|
30
|
+
The following examples show how to use this InSpec audit resource.
|
|
31
|
+
|
|
32
|
+
### Ensure an Alarm has at least one alarm action
|
|
33
|
+
|
|
34
|
+
describe aws_cloudwatch_alarm(
|
|
35
|
+
metric: 'my-metric-name',
|
|
36
|
+
metric_namespace: 'my-metric-namespace',
|
|
37
|
+
) do
|
|
38
|
+
its('alarm_actions') { should_not be_empty }
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
<br>
|
|
42
|
+
|
|
43
|
+
## Properties
|
|
44
|
+
|
|
45
|
+
* `alarm_actions`
|
|
46
|
+
|
|
47
|
+
## Property Examples
|
|
48
|
+
|
|
49
|
+
### alarm\_actions
|
|
50
|
+
|
|
51
|
+
`alarm_actions` returns a list of strings. Each string is the ARN of an action that will be taken should the alarm be triggered.
|
|
52
|
+
|
|
53
|
+
# Ensure that the alarm has at least one action
|
|
54
|
+
describe aws_cloudwatch_alarm(
|
|
55
|
+
metric: 'bed-metric',
|
|
56
|
+
metric_namespace: 'my-metric-namespace',
|
|
57
|
+
) do
|
|
58
|
+
its('alarm_actions') { should_not be_empty }
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
<br>
|
|
62
|
+
|
|
63
|
+
## Matchers
|
|
64
|
+
|
|
65
|
+
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
|
66
|
+
|
|
67
|
+
### exists
|
|
68
|
+
|
|
69
|
+
The control will pass if a Cloudwatch Alarm could be found. Use `should_not` if you expect zero matches.
|
|
70
|
+
|
|
71
|
+
# Expect good metric
|
|
72
|
+
describe aws_cloudwatch_alarm(
|
|
73
|
+
metric: 'good-metric',
|
|
74
|
+
metric_namespace: 'my-metric-namespace',
|
|
75
|
+
) do
|
|
76
|
+
it { should exist }
|
|
77
|
+
end
|
|
78
|
+
|
|
79
|
+
# Disallow alarms based on bad-metric
|
|
80
|
+
describe aws_cloudwatch_alarm(
|
|
81
|
+
metric: 'bed-metric',
|
|
82
|
+
metric_namespace: 'my-metric-namespace',
|
|
83
|
+
) do
|
|
84
|
+
it { should_not exist }
|
|
85
|
+
end
|
|
86
|
+
|