inspec 2.0.17 → 2.0.32

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 22e8b8b6038e739efd1bee94339256401b361dfb
4
- data.tar.gz: d25764db7b45182a26f250fde82090aed694a10e
3
+ metadata.gz: 00731d7ba23826e1f9ad7f39c7933d5c9518bf4f
4
+ data.tar.gz: 92ec9aee2d0a554623e0d10da40f5c2c5340a0c3
5
5
  SHA512:
6
- metadata.gz: b09a1a6565799240e297f976823a05854542b9c1e4106188d801c4d6bda3a8ed1e4193810a8ba4d06f3c7929973e46178d4dd070b4df5d08854146db541d7fbe
7
- data.tar.gz: 981ae101d306467b25a20ecacec715733930c3413db6a18cd3c248184f0e6d40b64ac368c51860d896b03791b04b73140a3e2502ba2a5c35b6edbc837ca72da7
6
+ metadata.gz: 8c9287685dfbef7033537051a64a7fd55e96191835be97349912abd8a172926a81d0f579443afdb2c8ad1c0e21808369cedfb8ece8e5d832edbed99702c0b44b
7
+ data.tar.gz: 955962215c0e09d23721d34c13fb72f35399d7a8b33ef61ac04e5e6afedad3b7a6fdd6ee00c71e6ac4643ce8272a722f9ddcd8f35b42814dab674f811c311250
data/CHANGELOG.md CHANGED
@@ -1,20 +1,42 @@
1
1
  # Change Log
2
2
  <!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
3
- <!-- latest_release 2.0.17 -->
4
- ## [v2.0.17](https://github.com/chef/inspec/tree/v2.0.17) (2018-02-20)
3
+ <!-- latest_release 2.0.32 -->
4
+ ## [v2.0.32](https://github.com/chef/inspec/tree/v2.0.32) (2018-03-01)
5
5
 
6
6
  #### Merged Pull Requests
7
- - Update shell detect to work with platforms [#2712](https://github.com/chef/inspec/pull/2712) ([jquick](https://github.com/jquick))
7
+ - mssql_session - Handling cases where the data is nil [#2752](https://github.com/chef/inspec/pull/2752) ([frezbo](https://github.com/frezbo))
8
8
  <!-- latest_release -->
9
9
 
10
- <!-- release_rollup since=2.0.16 -->
11
- ### Changes since 2.0.16 release
10
+ <!-- release_rollup since=2.0.17 -->
11
+ ### Changes since 2.0.17 release
12
+
13
+ #### Bug Fixes
14
+ - package resource: Fix `brew` package detection [#2730](https://github.com/chef/inspec/pull/2730) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 2.0.21 -->
12
15
 
13
16
  #### Merged Pull Requests
14
- - Update shell detect to work with platforms [#2712](https://github.com/chef/inspec/pull/2712) ([jquick](https://github.com/jquick)) <!-- 2.0.17 -->
17
+ - mssql_session - Handling cases where the data is nil [#2752](https://github.com/chef/inspec/pull/2752) ([frezbo](https://github.com/frezbo)) <!-- 2.0.32 -->
18
+ - Docs: Clarify Matchers page to speak about Universal matchers [#2754](https://github.com/chef/inspec/pull/2754) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 2.0.31 -->
19
+ - virtualization_resource: Fix `NoMethodError` on `nil:NilClass` [#2603](https://github.com/chef/inspec/pull/2603) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 2.0.30 -->
20
+ - Updated omnibus `postinst` script to symlink to appbundle created binstubs [#2732](https://github.com/chef/inspec/pull/2732) ([miah](https://github.com/miah)) <!-- 2.0.29 -->
21
+ - New Resource aws_config_recorder [#2635](https://github.com/chef/inspec/pull/2635) ([dromazmj](https://github.com/dromazmj)) <!-- 2.0.28 -->
22
+ - http resource: Support OPTIONS method [#2742](https://github.com/chef/inspec/pull/2742) ([cbeckr](https://github.com/cbeckr)) <!-- 2.0.27 -->
23
+ - Ensure we have a proper exit code and report data for ad-hoc runners [#2747](https://github.com/chef/inspec/pull/2747) ([jquick](https://github.com/jquick)) <!-- 2.0.26 -->
24
+ - Various small fixes/adjustments to the integration tests for AWS and Azure [#2745](https://github.com/chef/inspec/pull/2745) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 2.0.25 -->
25
+ - Move AWS/Azure tests to integration directory [#2675](https://github.com/chef/inspec/pull/2675) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 2.0.24 -->
26
+ - Fix inspec check to work with platforms [#2737](https://github.com/chef/inspec/pull/2737) ([jquick](https://github.com/jquick)) <!-- 2.0.23 -->
27
+ - Reword `it` block in `inspec check` tests to match actual test [#2721](https://github.com/chef/inspec/pull/2721) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 2.0.22 -->
28
+ - Update maintainers file [#2728](https://github.com/chef/inspec/pull/2728) ([jquick](https://github.com/jquick)) <!-- 2.0.20 -->
29
+ - remove release-2.0 branch from Travis [#2718](https://github.com/chef/inspec/pull/2718) ([juliandunn](https://github.com/juliandunn)) <!-- 2.0.19 -->
30
+ - InSpec SEO [#2725](https://github.com/chef/inspec/pull/2725) ([hannah-radish](https://github.com/hannah-radish)) <!-- 2.0.18 -->
15
31
  <!-- release_rollup -->
16
32
 
17
33
  <!-- latest_stable_release -->
34
+ ## [v2.0.17](https://github.com/chef/inspec/tree/v2.0.17) (2018-02-20)
35
+
36
+ #### Merged Pull Requests
37
+ - Update shell detect to work with platforms [#2712](https://github.com/chef/inspec/pull/2712) ([jquick](https://github.com/jquick))
38
+ <!-- latest_stable_release -->
39
+
18
40
  ## [v2.0.16](https://github.com/chef/inspec/tree/v2.0.16) (2018-02-20)
19
41
 
20
42
  #### Merged Pull Requests
@@ -36,7 +58,6 @@
36
58
  - HM website optimization [#2699](https://github.com/chef/inspec/pull/2699) ([hannah-radish](https://github.com/hannah-radish))
37
59
  - move /tutorial to /demo [#2700](https://github.com/chef/inspec/pull/2700) ([arlimus](https://github.com/arlimus))
38
60
  - HM Mobile IE [#2705](https://github.com/chef/inspec/pull/2705) ([hannah-radish](https://github.com/hannah-radish))
39
- <!-- latest_stable_release -->
40
61
 
41
62
  ## [v1.51.18](https://github.com/chef/inspec/tree/v1.51.18) (2018-02-12)
42
63
 
data/MAINTAINERS.md CHANGED
@@ -17,7 +17,7 @@ project lead.
17
17
  ## InSpec
18
18
 
19
19
  Handles the [InSpec](https://github.com/chef/inspec) toolset.
20
-
20
+
21
21
  To mention the team, use @chef/inspec-maintainers
22
22
 
23
23
  ### Lieutenant
@@ -29,3 +29,5 @@ To mention the team, use @chef/inspec-maintainers
29
29
  * [Christoph Hartmann](https://github.com/chris-rock)
30
30
  * [Adam Leff](https://github.com/adamleff)
31
31
  * [Alex Pop](https://github.com/alexpop)
32
+ * [Jared Quick](https://github.com/jquick)
33
+
data/MAINTAINERS.toml CHANGED
@@ -26,7 +26,8 @@ project lead.
26
26
  maintainers = [
27
27
  "chris-rock",
28
28
  "adamleff",
29
- "alexpop"
29
+ "alexpop",
30
+ "jquick"
30
31
  ]
31
32
 
32
33
  [people]
@@ -45,3 +46,7 @@ project lead.
45
46
  [people.alexpop]
46
47
  Name = "Alex Pop"
47
48
  GitHub = "alexpop"
49
+
50
+ [people.jquick]
51
+ Name = "Jared Quick"
52
+ GitHub = "jquick"
data/README.md CHANGED
@@ -84,21 +84,20 @@ gem install inspec
84
84
 
85
85
  ### Usage via Docker
86
86
 
87
- Download the image and define an alias for convenience:
87
+ Download the image and define a function for convenience:
88
88
 
89
89
  ```
90
90
  docker pull chef/inspec
91
- alias inspec='docker run -it --rm -v $(pwd):/share chef/inspec'
91
+ function inspec { docker run -it --rm -v $(pwd):/share chef/inspec $@; }
92
92
  ```
93
93
 
94
- If you call inspec from cli, it automatically mounts the current directory into the work directory. Therefore you can easily use local tests and key files. Note: Only files in the current directory are available to the container.
94
+ If you call `inspec` from your shell, it automatically mounts the current directory into the Docker container. Therefore you can easily use local tests and key files. Note: Only files in the current directory and sub-directories are available within the container.
95
95
 
96
96
  ```
97
97
  $ ls -1
98
98
  vagrant
99
99
  test.rb
100
100
 
101
-
102
101
  $ inspec exec test.rb -t ssh://root@192.168.64.2:11022 -i vagrant
103
102
  ..
104
103
 
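Review bot: in the shell function added at line 91, `$@` and `$(pwd)` are unquoted, so arguments or a working-directory path containing spaces are word-split before they reach `docker run`; the `function name { ... }` form is also bash/zsh-specific rather than POSIX. Suggest `inspec() { docker run -it --rm -v "$(pwd):/share" chef/inspec "$@"; }`, which preserves arguments and works in any POSIX shell. The prose fix at line 94 (mount point is the container, only the current directory tree is visible) reads well.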
data/Rakefile CHANGED
@@ -95,9 +95,9 @@ namespace :test do
95
95
  project_dir = File.dirname(__FILE__)
96
96
  namespace :aws do
97
97
  ['default', 'minimal'].each do |account|
98
- integration_dir = File.join(project_dir, 'test', 'aws', account)
98
+ integration_dir = File.join(project_dir, 'test', 'integration', 'aws', account)
99
99
  attribute_file = File.join(integration_dir, '.attribute.yml')
100
-
100
+
101
101
  task :"setup:#{account}", :tf_workspace do |t, args|
102
102
  tf_workspace = args[:tf_workspace] || ENV['INSPEC_TERRAFORM_ENV']
103
103
  abort("You must either call the top-level test:aws:#{account} task, or set the INSPEC_TERRAFORM_ENV variable.") unless tf_workspace
@@ -111,7 +111,7 @@ namespace :test do
111
111
  sh("cd #{integration_dir}/build/ && AWS_PROFILE=inspec-aws-test-#{account} terraform apply")
112
112
  Rake::Task["test:aws:dump_attrs:#{account}"].execute
113
113
  end
114
-
114
+
115
115
  task :"dump_attrs:#{account}" do
116
116
  sh("cd #{integration_dir}/build/ && AWS_PROFILE=inspec-aws-test-#{account} terraform output > #{attribute_file}")
117
117
  raw_output = File.read(attribute_file)
@@ -123,7 +123,7 @@ namespace :test do
123
123
  puts "----> Run"
124
124
  sh("bundle exec inspec exec #{integration_dir}/verify -t aws://${AWS_REGION}/inspec-aws-test-#{account} --attrs #{attribute_file}")
125
125
  end
126
-
126
+
127
127
  task :"cleanup:#{account}", :tf_workspace do |t, args|
128
128
  tf_workspace = args[:tf_workspace] || ENV['INSPEC_TERRAFORM_ENV']
129
129
  abort("You must either call the top-level test:aws:#{account} task, or set the INSPEC_TERRAFORM_ENV variable.") unless tf_workspace
@@ -132,7 +132,7 @@ namespace :test do
132
132
  sh("cd #{integration_dir}/build/ && terraform workspace select default")
133
133
  sh("cd #{integration_dir}/build && terraform workspace delete #{tf_workspace}")
134
134
  end
135
-
135
+
136
136
  task :"#{account}" do
137
137
  tf_workspace = ENV['INSPEC_TERRAFORM_ENV'] || prompt("Please enter a workspace for your integration tests to run in: ")
138
138
  begin
@@ -151,16 +151,17 @@ namespace :test do
151
151
 
152
152
  namespace :azure do
153
153
  # Specify the directory for the integration tests
154
- integration_dir = 'test/azure'
155
-
154
+ integration_dir = File.join(project_dir, 'test', 'integration', 'azure')
155
+ attribute_file = File.join(integration_dir, '.attribute.yml')
156
156
 
157
- task :init_workspace do
158
- # Initialize terraform workspace
157
+ task :setup, :tf_workspace do |t, args|
158
+ tf_workspace = args[:tf_workspace] || ENV['INSPEC_TERRAFORM_ENV']
159
+ abort("You must either call the top-level test:azure task, or set the INSPEC_TERRAFORM_ENV variable.") unless tf_workspace
160
+ puts '----> Setup'
159
161
  sh("cd #{integration_dir}/build/ && terraform init")
160
- end
162
+ sh("cd #{integration_dir}/build/ && terraform workspace new #{tf_workspace}")
161
163
 
162
- task :setup_integration_tests do
163
- puts '----> Setup'
164
+ # Generate Azure crendentials
164
165
  creds = Train.create('azure').connection.connect
165
166
 
166
167
  # Determine the storage account name and the admin password
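Review bot: typo in the added comment at line 164: "crendentials" should be "credentials". Also, `terraform workspace new #{tf_workspace}` at line 162 fails when a workspace of that name is left over from an earlier run that did not reach cleanup, so `setup` is not re-runnable; a `terraform workspace select #{tf_workspace} || terraform workspace new #{tf_workspace}` fallback would make it idempotent. The early `abort` at line 159 before any side effects is the right ordering.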
@@ -171,35 +172,72 @@ namespace :test do
171
172
  suffix = sa_name[0..3]
172
173
 
173
174
  # Create the plan that can be applied to Azure
174
- cmd = format("cd %s/build/ && terraform plan -var 'subscription_id=%s' -var 'client_id=%s' -var 'client_secret=%s' -var 'tenant_id=%s' -var 'storage_account_name=%s' -var 'admin_password=%s' -var 'suffix=%s' -out inspec-azure.plan", integration_dir, creds[:subscription_id], creds[:client_id], creds[:client_secret], creds[:tenant_id], sa_name, admin_password, suffix)
175
+ cmd = ""
176
+ cmd += "cd #{integration_dir}/build/ && terraform plan -out inspec-azure.plan"
177
+ cmd += " -var 'subscription_id=#{creds[:subscription_id]}' "
178
+ cmd += " -var 'client_id=#{creds[:client_id]}' "
179
+ cmd += " -var 'client_secret=#{creds[:client_secret]}' "
180
+ cmd += " -var 'tenant_id=#{creds[:tenant_id]}' "
181
+ cmd += " -var 'storage_account_name=#{sa_name}' "
182
+ cmd += " -var 'admin_password=#{admin_password}' "
183
+ cmd += " -var 'suffix=#{suffix}' "
175
184
  sh(cmd)
176
185
 
177
186
  # Apply the plan on Azure
178
- cmd = format("cd %s/build/ && terraform apply inspec-azure.plan", integration_dir)
187
+ cmd = "cd #{integration_dir}/build/ && terraform apply inspec-azure.plan"
179
188
  sh(cmd)
189
+
190
+ # Dump TF outputs to InSpec attributes file
191
+ Rake::Task["test:azure:dump_attrs"].execute
180
192
  end
181
193
 
182
- task :run_integration_tests do
194
+ task :"dump_attrs" do
195
+ sh("cd #{integration_dir}/build/ && terraform output > #{attribute_file}")
196
+ raw_output = File.read(attribute_file)
197
+ yaml_output = raw_output.gsub(" = ", " : ")
198
+ File.open(attribute_file, "w") {|file| file.puts yaml_output}
199
+ end
200
+
201
+ task :run do
183
202
  puts '----> Run'
184
203
  sh("bundle exec inspec exec #{integration_dir}/verify -t azure://1e0b427a-d58b-494e-ae4f-ee558463ebbf")
185
204
  end
186
205
 
187
- task :cleanup_integration_tests do
206
+ task :cleanup, :tf_workspace do |t, args|
207
+ tf_workspace = args[:tf_workspace] || ENV['INSPEC_TERRAFORM_ENV']
208
+ abort("You must either call the top-level test:azure task, or set the INSPEC_TERRAFORM_ENV variable.") unless tf_workspace
188
209
  puts '----> Cleanup'
210
+
189
211
  creds = Train.create('azure').connection.connect
190
212
 
191
- cmd = format("cd %s/build/ && terraform destroy -force -var 'subscription_id=%s' -var 'client_id=%s' -var 'client_secret=%s' -var 'tenant_id=%s' -var 'admin_password=dummy' -var 'storage_account_name=dummy' -var 'suffix=dummy'", integration_dir, creds[:subscription_id], creds[:client_id], creds[:client_secret], creds[:tenant_id])
213
+ cmd = ""
214
+ cmd += "cd #{integration_dir}/build/ && terraform destroy -force "
215
+ cmd += " -var 'subscription_id=#{creds[:subscription_id]}' "
216
+ cmd += " -var 'client_id=#{creds[:client_id]}' "
217
+ cmd += " -var 'client_secret=#{creds[:client_secret]}' "
218
+ cmd += " -var 'tenant_id=#{creds[:tenant_id]}' "
219
+ cmd += " -var 'storage_account_name=dummy' "
220
+ cmd += " -var 'admin_password=dummy' "
221
+ cmd += " -var 'suffix=dummy' "
222
+
192
223
  sh(cmd)
224
+
225
+ sh("cd #{integration_dir}/build/ && terraform workspace select default")
226
+ sh("cd #{integration_dir}/build && terraform workspace delete #{tf_workspace}")
193
227
  end
194
228
  end
195
229
 
196
230
  desc "Perform Azure Integration Tests"
197
231
  task :azure do
198
- Rake::Task['test:azure:init_workspace'].execute
199
- Rake::Task['test:azure:cleanup_integration_tests'].execute
200
- Rake::Task['test:azure:setup_integration_tests'].execute
201
- Rake::Task['test:azure:run_integration_tests'].execute
202
- Rake::Task['test:azure:cleanup_integration_tests'].execute
232
+ tf_workspace = ENV['INSPEC_TERRAFORM_ENV'] || prompt("Please enter a workspace for your integration tests to run in: ")
233
+ begin
234
+ Rake::Task["test:azure:setup"].execute({:tf_workspace => tf_workspace})
235
+ Rake::Task["test:azure:run"].execute
236
+ rescue
237
+ abort("Integration testing has failed")
238
+ ensure
239
+ Rake::Task["test:azure:cleanup"].execute({:tf_workspace => tf_workspace})
240
+ end
203
241
  end
204
242
  end
205
243
 
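Review bot: the `terraform plan` and `terraform destroy` command strings built at lines 177-183 and 215-218 still interpolate `creds[:client_secret]` into the shell command handed to `sh`, so the secret is visible in the process list while Terraform runs and is echoed into the build log by Rake's `sh`; passing it through the `TF_VAR_client_secret` environment variable instead keeps it out of both. Note also that `-out inspec-azure.plan` (line 176) writes every `-var` value, including the secret, into the plan file, so that file should be removed in `cleanup` rather than left in `build/`. Separately, the bare `rescue` at line 236 discards the exception, so `abort("Integration testing has failed")` gives no indication of what failed; `rescue => e` with `e.message` in the abort text would preserve it.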
data/docs/matchers.md CHANGED
@@ -1,18 +1,21 @@
1
1
  ---
2
- title: InSpec Matchers Reference
2
+ title: InSpec Universal Matchers Reference
3
3
  ---
4
4
 
5
- # InSpec Matchers Reference
5
+ # InSpec Universal Matchers Reference
6
6
 
7
- Inspec uses matchers to help compare resource values to expectations.
8
- The following matchers are available:
7
+ InSpec uses matchers to help compare resource values to expectations. Matchers may be dedicated to a specific resource (such as the `aws_iam_root_user` resource's [`have_mfa_enabled`](https://www.inspec.io/docs/reference/resources/aws_iam_root_user/#have_mfa_enabled) matcher). If a matcher may be used on any resource type, it is _universal_.
9
8
 
10
- * `be`
11
- * `be_in`
12
- * `cmp`
13
- * `eq`
14
- * `include`
15
- * `match`
9
+ You may also use any matcher provided by [RSpec::Expectations](https://relishapp.com/rspec/rspec-expectations/docs), but those matchers are outside of InSpec's [scope of support](https://www.inspec.io/docs/reference/inspec_and_friends/#rspec).
10
+
11
+ The following InSpec-supported universal matchers are available:
12
+
13
+ * [`be`](#be) - make numeric comparisons
14
+ * [`be_in`](#be_in) - look for the property value in a list
15
+ * [`cmp`](#cmp) - general-use equality (try this first)
16
+ * [`eq`](#eq) - type-specific equality
17
+ * [`include`](#include) - look for an expected value in a list-valued property
18
+ * [`match`](#match) - look for patterns in text using regular expressions
16
19
 
17
20
  <br>
18
21
 
@@ -32,7 +35,7 @@ end
32
35
 
33
36
  ## cmp
34
37
 
35
- Unlike `eq`, cmp is a matcher for less-restrictive comparisons. It will
38
+ Unlike `eq`, `cmp` is a matcher for less-restrictive comparisons. It will
36
39
  try to fit the actual value to the type you are comparing it to. This is
37
40
  meant to relieve the user from having to write type-casts and
38
41
  resolutions.
@@ -116,7 +119,7 @@ describe sshd_config do
116
119
  end
117
120
  ```
118
121
 
119
- It fails if types don't match. Please keep this in mind, when comparing
122
+ `eq` fails if types don't match. Please keep this in mind, when comparing
120
123
  configuration entries that are numbers:
121
124
 
122
125
  ```ruby
@@ -68,9 +68,9 @@ The where accessor can be used to filter on fields. For example:
68
68
 
69
69
  The key filter may be useful in evaluating rules with particular key values:
70
70
 
71
- describe auditd.where { key == "privileged" } do
72
- its('permissions') { should include ['x'] }
73
- end
71
+ describe auditd.where { key == "privileged" } do
72
+ its('permissions') { should include ['x'] }
73
+ end
74
74
 
75
75
  <br>
76
76
 
@@ -0,0 +1,71 @@
1
+ ---
2
+ title: About the aws_config_recorder Resource
3
+ ---
4
+
5
+ # aws\_config\_recorder
6
+
7
+ Use the `aws_config_recorder` InSpec audit resource to test properties of your AWS Config Service.
8
+
9
+ The AWS Config service can monitor and record changes to your AWS resource configurations. The Aws Config Recorder is used to detect changes in resource configurations and capture these changes as configuration items.
10
+
11
+ <br>
12
+
13
+ ## Syntax
14
+
15
+ An `aws_config_recorder` resource block declares the tests for a single AWS configuration recorder.
16
+
17
+ describe aws_config_recorder('my_recorder') do
18
+ it { should exist }
19
+ end
20
+
21
+ describe aws_config_recorder(recorder_name: 'my-recorder') do
22
+ it { should exist }
23
+ end
24
+
25
+ <br>
26
+
27
+ ## Examples
28
+
29
+ The following examples show how to use this InSpec audit resource.
30
+
31
+ ### Test if the recorder is active and recording.
32
+
33
+ describe aws_config_recorder(recorder_name: 'my-recorder') do
34
+ it { should be_recording }
35
+ end
36
+
37
+ ## Properties
38
+
39
+ ### role\_arn
40
+
41
+ Provides the IAM role arn associated with the configuration recorder. The role is used to grant permissions to S3 Buckets, SNS topics and to get configuration details for supported AWS resources.
42
+
43
+ describe aws_config_recorder(username: 'bob')
44
+ its('role_arn') { should eq 'arn:aws:iam::721741954427:role/My_Recorder' }
45
+ end
46
+
47
+ ### resource\_types
48
+
49
+ Provides a list of AWS resource types for which the AWS Config records configuration will change. Note that if be_recording_all_resource_types is true than this property is meaningless and will return and empty array.
50
+
51
+ describe aws_config_recorder(username: 'bob')
52
+ its('resource_types') { should include 'AWS::EC2::CustomerGateway' }
53
+ its('resource_types') { should include 'AWS::EC2::EIP' }
54
+ end
55
+
56
+ <br>
57
+
58
+ ## Matchers
59
+
60
+ ### be\_recording\_all\_resource\_types
61
+
62
+ Indicates if the ConfigurationRecorder will record changes for all resources, regardless of type. If this is true, resource_types is ignored.
63
+
64
+ it { should be_all_supported }
65
+
66
+ ### be\_recording\_all\_global\_types
67
+
68
+ Indicates whether the ConfigurationRecorder will record changes for global resource types (such as IAM Users).
69
+
70
+ it { should be_recording_all_global_types }
71
+
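Review bot: the property examples at lines 43 and 51 are not valid InSpec: `describe aws_config_recorder(username: 'bob')` is missing the trailing `do`, and `username` is not a parameter this page documents (the Syntax section uses `recorder_name`), so both should read `describe aws_config_recorder(recorder_name: 'my-recorder') do`. In the Matchers section, the example under `be_recording_all_resource_types` (line 64) shows `it { should be_all_supported }` rather than the matcher being described, and `be_recording`, used in the Examples section at line 34, is not listed under Matchers at all. Minor: line 49 should read "then this property is meaningless and will return an empty array", and the heading at line 31 ends with a period unlike the other headings.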
@@ -65,7 +65,7 @@ This InSpec audit resource has the following special matchers. For a full list o
65
65
 
66
66
  ### be\_pending
67
67
 
68
- The `be\_pending` matcher tests if the described EC2 instance state is `pending`. This indicates that an instance is provisioning. This state should be temporary.
68
+ The `be_pending` matcher tests if the described EC2 instance state is `pending`. This indicates that an instance is provisioning. This state should be temporary.
69
69
 
70
70
  it { should be_pending }
71
71
 
@@ -7,9 +7,9 @@ platform: aws
7
7
 
8
8
  Use the `aws_iam_policy` InSpec audit resource to test properties of a single managed AWS IAM Policy.
9
9
 
10
- A policy is an entity in AWS that, when attached to an identity or resource, defines their permissions. AWS evaluates these policies when a principal, such as a user, makes a request. Permissions in the policies determine if the request is allowed or denied.
10
+ A policy is an entity in AWS that, when attached to an identity or resource, defines their permissions. AWS evaluates these policies when a principal, such as a user, makes a request. Permissions in the policies determine if the request is allowed or denied.
11
11
 
12
- Each IAM Policy is uniquely identified by either its policy_name or arn.
12
+ Each IAM Policy is uniquely identified by either its policy\_name or arn.
13
13
 
14
14
  <br>
15
15
 
@@ -142,5 +142,3 @@ The test will pass if the identified policy attached the specified role.
142
142
  describe aws_iam_policy('AWSSupportAccess') do
143
143
  it { should be_attached_to_role(ROLENAME) }
144
144
  end
145
-
146
-
@@ -11,10 +11,10 @@ Use the `aws_iam_role` InSpec audit resource to test properties of a single IAM
11
11
 
12
12
  ## Syntax
13
13
 
14
- # Ensure that a certain role exists by name
15
- describe aws_iam_role('my-role') do
16
- it { should exist }
17
- end
14
+ # Ensure that a certain role exists by name
15
+ describe aws_iam_role('my-role') do
16
+ it { should exist }
17
+ end
18
18
 
19
19
  <br>
20
20
 
@@ -24,13 +24,13 @@ Use the `aws_iam_role` InSpec audit resource to test properties of a single IAM
24
24
 
25
25
  This resource expects a single parameter that uniquely identifies the IAM Role, the Role Name. You may pass it as a string, or as the value in a hash:
26
26
 
27
- describe aws_iam_role('my-role') do
28
- it { should exist }
29
- end
30
- # Same
31
- describe aws_iam_role(role_name: 'my-role') do
32
- it { should exist }
33
- end
27
+ describe aws_iam_role('my-role') do
28
+ it { should exist }
29
+ end
30
+ # Same
31
+ describe aws_iam_role(role_name: 'my-role') do
32
+ it { should exist }
33
+ end
34
34
 
35
35
  <br>
36
36
 
@@ -52,7 +52,7 @@ This InSpec audit resource has the following special matchers. For a full list o
52
52
 
53
53
  ### exist
54
54
 
55
- Indicates that the Role Name provided was found. Use should_not to test for IAM Roles that should not exist.
55
+ Indicates that the Role Name provided was found. Use `should_not` to test for IAM Roles that should not exist.
56
56
 
57
57
  describe aws_iam_role('should-be-there') do
58
58
  it { should exist }
@@ -61,5 +61,3 @@ Indicates that the Role Name provided was found. Use should_not to test for IAM
61
61
  describe aws_iam_role('should-not-be-there') do
62
62
  it { should_not exist }
63
63
  end
64
-
65
-
@@ -11,10 +11,10 @@ Use the `aws_route_table` InSpec audit resource to test properties of a single R
11
11
 
12
12
  ## Syntax
13
13
 
14
- # Ensure that a certain route table exists by name
15
- describe aws_route_table('rtb-123abcde') do
16
- it { should exist }
17
- end
14
+ # Ensure that a certain route table exists by name
15
+ describe aws_route_table('rtb-123abcde') do
16
+ it { should exist }
17
+ end
18
18
 
19
19
  ## Resource Parameters
20
20
 
@@ -22,13 +22,13 @@ Use the `aws_route_table` InSpec audit resource to test properties of a single R
22
22
 
23
23
  This resource expects a single parameter that uniquely identifies the Route Table. You may pass it as a string, or as the value in a hash:
24
24
 
25
- describe aws_route_table('rtb-123abcde') do
26
- it { should exist }
27
- end
28
- # Same
29
- describe aws_route_table(route_table_id: 'rtb-123abcde') do
30
- it { should exist }
31
- end
25
+ describe aws_route_table('rtb-123abcde') do
26
+ it { should exist }
27
+ end
28
+ # Same
29
+ describe aws_route_table(route_table_id: 'rtb-123abcde') do
30
+ it { should exist }
31
+ end
32
32
 
33
33
  ## Matchers
34
34
 
@@ -36,7 +36,7 @@ For a full list of available matchers, please visit our [matchers page](https://
36
36
 
37
37
  ### exist
38
38
 
39
- Indicates that the Route Table provided was found. Use should_not to test for Route Tables that should not exist.
39
+ Indicates that the Route Table provided was found. Use `should_not` to test for Route Tables that should not exist.
40
40
 
41
41
  describe aws_route_table('should-be-there') do
42
42
  it { should exist }
@@ -44,7 +44,7 @@ This InSpec resource accepts the following parameters, which are used to search
44
44
 
45
45
  The Security Group ID of the Security Group. This is of the format `sg-` followed by 8 hexadecimal characters. The ID is unique within your AWS account; using ID ensures that you will never match more than one SG. The ID is also the default resource parameter, so you may omit the hash syntax.
46
46
 
47
- # Using Hash syntax
47
+ # Using Hash syntax
48
48
  describe aws_security_group(id: 'sg-12345678') do
49
49
  it { should exist }
50
50
  end
@@ -79,7 +79,7 @@ A string identifying the VPC that contains the security group. Since VPCs common
79
79
 
80
80
  # This will error if there is more than the default SG
81
81
  describe aws_security_group(vpc_id: 'vpc-12345678') do
82
- it { should exist }
82
+ it { should exist }
83
83
  end
84
84
 
85
85
  <br>
@@ -138,15 +138,14 @@ This InSpec audit resource has the following special matchers. For a full list o
138
138
 
139
139
  ### exists
140
140
 
141
- The control will pass if the specified SG was found. Use should_not if you want to verify that the specified SG does not exist.
141
+ The control will pass if the specified SG was found. Use `should_not` if you want to verify that the specified SG does not exist.
142
142
 
143
143
  # You will always have at least one SG, the VPC default SG
144
144
  describe aws_security_group(group_name: 'default')
145
145
  it { should exist }
146
- end
146
+ end
147
147
 
148
148
  # Make sure we don't have any security groups with the name 'nogood'
149
149
  describe aws_security_group(group_name: 'nogood')
150
150
  it { should_not exist }
151
- end
152
-
151
+ end
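Review bot: re-indenting the `end` at lines 146 and 151 leaves the examples syntactically broken, because `describe aws_security_group(group_name: 'default')` (line 144) and `describe aws_security_group(group_name: 'nogood')` (line 149) still lack the trailing `do`; anyone copying these gets a Ruby syntax error. The heading `### exists` at line 139 also names the matcher `exists` while the examples use `exist`.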
@@ -54,7 +54,7 @@ A string identifying a group. Since groups are contained in VPCs, group names ar
54
54
 
55
55
  ## Properties
56
56
 
57
- * `entries`, `group\_ids`
57
+ * `entries`, `group_ids`
58
58
 
59
59
  <br>
60
60
 
@@ -88,5 +88,4 @@ The control will pass if the filter returns at least one result. Use `should_not
88
88
  # You will always have at least one SG, the VPC default SG
89
89
  describe aws_security_groups
90
90
  it { should exist }
91
- end
92
-
91
+ end
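Review bot: `describe aws_security_groups` at line 89 has no trailing `do`, so re-indenting the `end` at line 91 does not make the example runnable; it should be `describe aws_security_groups do`.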
@@ -10,16 +10,16 @@ Use the `aws_sns_topic` InSpec audit resource to test properties of a single AWS
10
10
 
11
11
  ## Syntax
12
12
 
13
- # Ensure that a topic exists and has at least one subscription
14
- describe aws_sns_topic('arn:aws:sns:*::my-topic-name') do
15
- it { should exist }
16
- its('confirmed_subscription_count') { should_not be_zero }
17
- end
13
+ # Ensure that a topic exists and has at least one subscription
14
+ describe aws_sns_topic('arn:aws:sns:*::my-topic-name') do
15
+ it { should exist }
16
+ its('confirmed_subscription_count') { should_not be_zero }
17
+ end
18
18
 
19
- # You may also use has syntax to pass the ARN
20
- describe aws_sns_topic(arn: 'arn:aws:sns:*::my-topic-name') do
21
- it { should exist }
22
- end
19
+ # You may also use has syntax to pass the ARN
20
+ describe aws_sns_topic(arn: 'arn:aws:sns:*::my-topic-name') do
21
+ it { should exist }
22
+ end
23
23
 
24
24
  ## Resource Parameters
25
25
 
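Review bot: the comment re-indented at line 19 still reads "You may also use has syntax to pass the ARN"; since the line is being touched anyway, fix the typo to "hash syntax". The examples at lines 14 and 20 also use `arn:aws:sns:*::my-topic-name` (wildcard region, empty account id) even though the Resource Parameters section of this file states that the account ID and region are required and wildcards are not permitted; a fully-specified ARN would avoid teaching a form the resource rejects.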
@@ -27,7 +27,7 @@ Use the `aws_sns_topic` InSpec audit resource to test properties of a single AWS
27
27
 
28
28
  This resource expects a single parameter that uniquely identifes the SNS Topic, an ARN. Amazon Resource Names for SNS topics have the format `arn:aws:sns:region:account-id:topicname`. AWS requires a fully-specified ARN for looking up an SNS topic. The account ID and region are required. Wildcards are not permitted.
29
29
 
30
- See also the (AWS documentation on ARNs)[http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html].
30
+ See also the [AWS documentation on ARNs](http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
31
31
 
32
32
  <br>
33
33
 
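Review bot: the link fix at line 30 is correct (the parentheses and brackets were swapped). While here, the context line 28 has "identifes" for "identifies".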
@@ -50,7 +50,7 @@ This InSpec audit resource has the following special matchers. For a full list o
50
50
 
51
51
  ### exist
52
52
 
53
- Indicates that the ARN provided was found. Use should_not to test for SNS topics that should not exist.
53
+ Indicates that the ARN provided was found. Use `should_not` to test for SNS topics that should not exist.
54
54
 
55
55
  # Expect good news
56
56
  describe aws_sns_topic('arn:aws:sns:*::good-news') do
@@ -60,4 +60,4 @@ Indicates that the ARN provided was found. Use should_not to test for SNS topic
60
60
  # No bad news allowed
61
61
  describe aws_sns_topic('arn:aws:sns:*::bad-news') do
62
62
  it { should_not exist }
63
- end
63
+ end
@@ -68,7 +68,8 @@ The following examples show how to use this InSpec audit resource.
68
68
 
69
69
  ## Property Examples
70
70
 
71
- ### Test a special time string
71
+
72
+ ### Test a special time string
72
73
 
73
74
  describe crontab do
74
75
  its('minutes') { should cmp '0' }