inspec 2.0.16 → 2.0.17

data/lib/resources/aws/aws_route_table.rb

@@ -1,61 +1,61 @@
-class AwsRouteTable < Inspec.resource(1)
-  name 'aws_route_table'
-  desc 'Verifies settings for an AWS Route Table'
-  example "
-    describe aws_route_table do
-      its('route_table_id') { should cmp 'rtb-2c60ec44' }
-    end
-  "
-  supports platform: 'aws'
-
-  include AwsSingularResourceMixin
-
-  def to_s
-    "Route Table #{@route_table_id}"
-  end
-
-  attr_reader :route_table_id, :vpc_id
-
-  private
-
-  def validate_params(raw_params)
-    validated_params = check_resource_param_names(
-      raw_params: raw_params,
-      allowed_params: [:route_table_id],
-      allowed_scalar_name: :route_table_id,
-      allowed_scalar_type: String,
-    )
-
-    if validated_params.key?(:route_table_id) && validated_params[:route_table_id] !~ /^rtb\-[0-9a-f]{8}/
-      raise ArgumentError, 'aws_route_table Route Table ID must be in the' \
-       ' format "rtb-" followed by 8 hexadecimal characters.'
-    end
-
-    validated_params
-  end
-
-  def fetch_from_api
-    backend = BackendFactory.create(inspec_runner)
-
-    if @route_table_id.nil?
-      args = nil
-    else
-      args = { filters: [{ name: 'route-table-id', values: [@route_table_id] }] }
-    end
-
-    resp = backend.describe_route_tables(args)
-    routetable = resp.to_h[:route_tables]
-    @exists = !routetable.empty?
-  end
-
-  class Backend
-    class AwsClientApi < AwsBackendBase
-      BackendFactory.set_default_backend(self)
-      self.aws_client_class = Aws::EC2::Client
-
-      def describe_route_tables(query)
-        aws_service_client.describe_route_tables(query)
-      end
-    end
-  end
-end
+class AwsRouteTable < Inspec.resource(1)
+  name 'aws_route_table'
+  desc 'Verifies settings for an AWS Route Table'
+  example "
+    describe aws_route_table do
+      its('route_table_id') { should cmp 'rtb-2c60ec44' }
+    end
+  "
+  supports platform: 'aws'
+
+  include AwsSingularResourceMixin
+
+  def to_s
+    "Route Table #{@route_table_id}"
+  end
+
+  attr_reader :route_table_id, :vpc_id
+
+  private
+
+  def validate_params(raw_params)
+    validated_params = check_resource_param_names(
+      raw_params: raw_params,
+      allowed_params: [:route_table_id],
+      allowed_scalar_name: :route_table_id,
+      allowed_scalar_type: String,
+    )
+
+    if validated_params.key?(:route_table_id) && validated_params[:route_table_id] !~ /^rtb\-[0-9a-f]{8}/
+      raise ArgumentError, 'aws_route_table Route Table ID must be in the' \
+       ' format "rtb-" followed by 8 hexadecimal characters.'
+    end
+
+    validated_params
+  end
+
+  def fetch_from_api
+    backend = BackendFactory.create(inspec_runner)
+
+    if @route_table_id.nil?
+      args = nil
+    else
+      args = { filters: [{ name: 'route-table-id', values: [@route_table_id] }] }
+    end
+
+    resp = backend.describe_route_tables(args)
+    routetable = resp.to_h[:route_tables]
+    @exists = !routetable.empty?
+  end
+
+  class Backend
+    class AwsClientApi < AwsBackendBase
+      BackendFactory.set_default_backend(self)
+      self.aws_client_class = Aws::EC2::Client
+
+      def describe_route_tables(query)
+        aws_service_client.describe_route_tables(query)
+      end
+    end
+  end
+end

data/lib/resources/aws/aws_s3_bucket.rb

@@ -1,115 +1,115 @@
-# author: Matthew Dromazos
-class AwsS3Bucket < Inspec.resource(1)
-  name 'aws_s3_bucket'
-  desc 'Verifies settings for a s3 bucket'
-  example "
-    describe aws_s3_bucket(bucket_name: 'test_bucket') do
-      it { should exist }
-    end
-  "
-  supports platform: 'aws'
-
-  include AwsSingularResourceMixin
-  attr_reader :bucket_name, :has_access_logging_enabled, :region
-
-  def to_s
-    "S3 Bucket #{@bucket_name}"
-  end
-
-  def bucket_acl
-    catch_aws_errors do
-      @bucket_acl ||= BackendFactory.create(inspec_runner).get_bucket_acl(bucket: bucket_name).grants
-    end
-  end
-
-  def bucket_policy
-    @bucket_policy ||= fetch_bucket_policy
-  end
-
-  # RSpec will alias this to be_public
-  def public?
-    # first line just for formatting
-    false || \
-      bucket_acl.any? { |g| g.grantee.type == 'Group' && g.grantee.uri =~ /AllUsers/ } || \
-      bucket_acl.any? { |g| g.grantee.type == 'Group' && g.grantee.uri =~ /AuthenticatedUsers/ } || \
-      bucket_policy.any? { |s| s.effect == 'Allow' && s.principal == '*' }
-  end
-
-  def has_access_logging_enabled?
-    return unless @exists
-    catch_aws_errors do
-      @has_access_logging_enabled ||= !BackendFactory.create(inspec_runner).get_bucket_logging(bucket: bucket_name).logging_enabled.nil?
-    end
-  end
-
-  private
-
-  def validate_params(raw_params)
-    validated_params = check_resource_param_names(
-      raw_params: raw_params,
-      allowed_params: [:bucket_name],
-      allowed_scalar_name: :bucket_name,
-      allowed_scalar_type: String,
-    )
-    if validated_params.empty? or !validated_params.key?(:bucket_name)
-      raise ArgumentError, 'You must provide a bucket_name to aws_s3_bucket.'
-    end
-
-    validated_params
-  end
-
-  def fetch_from_api
-    backend = BackendFactory.create(inspec_runner)
-
-    # Since there is no basic "get_bucket" API call, use the
-    # region fetch as the existence check.
-    begin
-      @region = backend.get_bucket_location(bucket: bucket_name).location_constraint
-    rescue Aws::S3::Errors::NoSuchBucket
-      @exists = false
-      return
-    end
-    @exists = true
-  end
-
-  def fetch_bucket_policy
-    backend = BackendFactory.create(inspec_runner)
-    catch_aws_errors do
-      begin
-        # AWS SDK returns a StringIO, we have to read()
-        raw_policy = backend.get_bucket_policy(bucket: bucket_name).policy
-        return JSON.parse(raw_policy.read)['Statement'].map do |statement|
-          lowercase_hash = {}
-          statement.each_key { |k| lowercase_hash[k.downcase] = statement[k] }
-          @bucket_policy = OpenStruct.new(lowercase_hash)
-        end
-      rescue Aws::S3::Errors::NoSuchBucketPolicy
-        @bucket_policy = []
-      end
-    end
-  end
-
-  # Uses the SDK API to really talk to AWS
-  class Backend
-    class AwsClientApi < AwsBackendBase
-      BackendFactory.set_default_backend(self)
-      self.aws_client_class = Aws::S3::Client
-
-      def get_bucket_acl(query)
-        aws_service_client.get_bucket_acl(query)
-      end
-
-      def get_bucket_location(query)
-        aws_service_client.get_bucket_location(query)
-      end
-
-      def get_bucket_policy(query)
-        aws_service_client.get_bucket_policy(query)
-      end
-
-      def get_bucket_logging(query)
-        aws_service_client.get_bucket_logging(query)
-      end
-    end
-  end
-end
+# author: Matthew Dromazos
+class AwsS3Bucket < Inspec.resource(1)
+  name 'aws_s3_bucket'
+  desc 'Verifies settings for a s3 bucket'
+  example "
+    describe aws_s3_bucket(bucket_name: 'test_bucket') do
+      it { should exist }
+    end
+  "
+  supports platform: 'aws'
+
+  include AwsSingularResourceMixin
+  attr_reader :bucket_name, :has_access_logging_enabled, :region
+
+  def to_s
+    "S3 Bucket #{@bucket_name}"
+  end
+
+  def bucket_acl
+    catch_aws_errors do
+      @bucket_acl ||= BackendFactory.create(inspec_runner).get_bucket_acl(bucket: bucket_name).grants
+    end
+  end
+
+  def bucket_policy
+    @bucket_policy ||= fetch_bucket_policy
+  end
+
+  # RSpec will alias this to be_public
+  def public?
+    # first line just for formatting
+    false || \
+      bucket_acl.any? { |g| g.grantee.type == 'Group' && g.grantee.uri =~ /AllUsers/ } || \
+      bucket_acl.any? { |g| g.grantee.type == 'Group' && g.grantee.uri =~ /AuthenticatedUsers/ } || \
+      bucket_policy.any? { |s| s.effect == 'Allow' && s.principal == '*' }
+  end
+
+  def has_access_logging_enabled?
+    return unless @exists
+    catch_aws_errors do
+      @has_access_logging_enabled ||= !BackendFactory.create(inspec_runner).get_bucket_logging(bucket: bucket_name).logging_enabled.nil?
+    end
+  end
+
+  private
+
+  def validate_params(raw_params)
+    validated_params = check_resource_param_names(
+      raw_params: raw_params,
+      allowed_params: [:bucket_name],
+      allowed_scalar_name: :bucket_name,
+      allowed_scalar_type: String,
+    )
+    if validated_params.empty? or !validated_params.key?(:bucket_name)
+      raise ArgumentError, 'You must provide a bucket_name to aws_s3_bucket.'
+    end
+
+    validated_params
+  end
+
+  def fetch_from_api
+    backend = BackendFactory.create(inspec_runner)
+
+    # Since there is no basic "get_bucket" API call, use the
+    # region fetch as the existence check.
+    begin
+      @region = backend.get_bucket_location(bucket: bucket_name).location_constraint
+    rescue Aws::S3::Errors::NoSuchBucket
+      @exists = false
+      return
+    end
+    @exists = true
+  end
+
+  def fetch_bucket_policy
+    backend = BackendFactory.create(inspec_runner)
+    catch_aws_errors do
+      begin
+        # AWS SDK returns a StringIO, we have to read()
+        raw_policy = backend.get_bucket_policy(bucket: bucket_name).policy
+        return JSON.parse(raw_policy.read)['Statement'].map do |statement|
+          lowercase_hash = {}
+          statement.each_key { |k| lowercase_hash[k.downcase] = statement[k] }
+          @bucket_policy = OpenStruct.new(lowercase_hash)
+        end
+      rescue Aws::S3::Errors::NoSuchBucketPolicy
+        @bucket_policy = []
+      end
+    end
+  end
+
+  # Uses the SDK API to really talk to AWS
+  class Backend
+    class AwsClientApi < AwsBackendBase
+      BackendFactory.set_default_backend(self)
+      self.aws_client_class = Aws::S3::Client
+
+      def get_bucket_acl(query)
+        aws_service_client.get_bucket_acl(query)
+      end
+
+      def get_bucket_location(query)
+        aws_service_client.get_bucket_location(query)
+      end
+
+      def get_bucket_policy(query)
+        aws_service_client.get_bucket_policy(query)
+      end
+
+      def get_bucket_logging(query)
+        aws_service_client.get_bucket_logging(query)
+      end
+    end
+  end
+end

data/lib/resources/aws/aws_security_group.rb

@@ -1,93 +1,93 @@
-class AwsSecurityGroup < Inspec.resource(1)
-  name 'aws_security_group'
-  desc 'Verifies settings for an individual AWS Security Group.'
-  example '
-    describe aws_security_group("sg-12345678") do
-      it { should exist }
-    end
-  '
-  supports platform: 'aws'
-
-  include AwsSingularResourceMixin
-  attr_reader :description, :group_id, :group_name, :vpc_id
-
-  def to_s
-    "EC2 Security Group #{@group_id}"
-  end
-
-  private
-
-  def validate_params(raw_params)
-    recognized_params = check_resource_param_names(
-      raw_params: raw_params,
-      allowed_params: [:id, :group_id, :group_name, :vpc_id],
-      allowed_scalar_name: :group_id,
-      allowed_scalar_type: String,
-    )
-
-    # id is an alias for group_id
-    recognized_params[:group_id] = recognized_params.delete(:id) if recognized_params.key?(:id)
-
-    if recognized_params.key?(:group_id) && recognized_params[:group_id] !~ /^sg\-[0-9a-f]{8}/
-      raise ArgumentError, 'aws_security_group security group ID must be in the format "sg-" followed by 8 hexadecimal characters.'
-    end
-
-    if recognized_params.key?(:vpc_id) && recognized_params[:vpc_id] !~ /^vpc\-[0-9a-f]{8}/
-      raise ArgumentError, 'aws_security_group VPC ID must be in the format "vpc-" followed by 8 hexadecimal characters.'
-    end
-
-    validated_params = recognized_params
-
-    if validated_params.empty?
-      raise ArgumentError, 'You must provide parameters to aws_security_group, such as group_name, group_id, or vpc_id.g_group.'
-    end
-    validated_params
-  end
-
-  def fetch_from_api
-    backend = BackendFactory.create(inspec_runner)
-
-    # Transform into filter format expected by AWS
-    filters = []
-    [
-      :description,
-      :group_id,
-      :group_name,
-      :vpc_id,
-    ].each do |criterion_name|
-      instance_var = "@#{criterion_name}".to_sym
-      next unless instance_variable_defined?(instance_var)
-      val = instance_variable_get(instance_var)
-      next if val.nil?
-      filters.push(
-        {
-          name: criterion_name.to_s.tr('_', '-'),
-          values: [val],
-        },
-      )
-    end
-    dsg_response = backend.describe_security_groups(filters: filters)
-
-    if dsg_response.security_groups.empty?
-      @exists = false
-      return
-    end
-
-    @exists = true
-    @description = dsg_response.security_groups[0].description
-    @group_id   = dsg_response.security_groups[0].group_id
-    @group_name = dsg_response.security_groups[0].group_name
-    @vpc_id     = dsg_response.security_groups[0].vpc_id
-  end
-
-  class Backend
-    class AwsClientApi < AwsBackendBase
-      BackendFactory.set_default_backend self
-      self.aws_client_class = Aws::EC2::Client
-
-      def describe_security_groups(query)
-        aws_service_client.describe_security_groups(query)
-      end
-    end
-  end
-end
+class AwsSecurityGroup < Inspec.resource(1)
+  name 'aws_security_group'
+  desc 'Verifies settings for an individual AWS Security Group.'
+  example '
+    describe aws_security_group("sg-12345678") do
+      it { should exist }
+    end
+  '
+  supports platform: 'aws'
+
+  include AwsSingularResourceMixin
+  attr_reader :description, :group_id, :group_name, :vpc_id
+
+  def to_s
+    "EC2 Security Group #{@group_id}"
+  end
+
+  private
+
+  def validate_params(raw_params)
+    recognized_params = check_resource_param_names(
+      raw_params: raw_params,
+      allowed_params: [:id, :group_id, :group_name, :vpc_id],
+      allowed_scalar_name: :group_id,
+      allowed_scalar_type: String,
+    )
+
+    # id is an alias for group_id
+    recognized_params[:group_id] = recognized_params.delete(:id) if recognized_params.key?(:id)
+
+    if recognized_params.key?(:group_id) && recognized_params[:group_id] !~ /^sg\-[0-9a-f]{8}/
+      raise ArgumentError, 'aws_security_group security group ID must be in the format "sg-" followed by 8 hexadecimal characters.'
+    end
+
+    if recognized_params.key?(:vpc_id) && recognized_params[:vpc_id] !~ /^vpc\-[0-9a-f]{8}/
+      raise ArgumentError, 'aws_security_group VPC ID must be in the format "vpc-" followed by 8 hexadecimal characters.'
+    end
+
+    validated_params = recognized_params
+
+    if validated_params.empty?
+      raise ArgumentError, 'You must provide parameters to aws_security_group, such as group_name, group_id, or vpc_id.g_group.'
+    end
+    validated_params
+  end
+
+  def fetch_from_api
+    backend = BackendFactory.create(inspec_runner)
+
+    # Transform into filter format expected by AWS
+    filters = []
+    [
+      :description,
+      :group_id,
+      :group_name,
+      :vpc_id,
+    ].each do |criterion_name|
+      instance_var = "@#{criterion_name}".to_sym
+      next unless instance_variable_defined?(instance_var)
+      val = instance_variable_get(instance_var)
+      next if val.nil?
+      filters.push(
+        {
+          name: criterion_name.to_s.tr('_', '-'),
+          values: [val],
+        },
+      )
+    end
+    dsg_response = backend.describe_security_groups(filters: filters)
+
+    if dsg_response.security_groups.empty?
+      @exists = false
+      return
+    end
+
+    @exists = true
+    @description = dsg_response.security_groups[0].description
+    @group_id   = dsg_response.security_groups[0].group_id
+    @group_name = dsg_response.security_groups[0].group_name
+    @vpc_id     = dsg_response.security_groups[0].vpc_id
+  end
+
+  class Backend
+    class AwsClientApi < AwsBackendBase
+      BackendFactory.set_default_backend self
+      self.aws_client_class = Aws::EC2::Client
+
+      def describe_security_groups(query)
+        aws_service_client.describe_security_groups(query)
+      end
+    end
+  end
+end