inspec 2.1.72 → 2.1.78

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 534b2e87a2c65b5c196e7af32599623cd4033a4d
-  data.tar.gz: 7f2a83fe85d5bf848f1d7747eecd65257ce3502e
+  metadata.gz: a6913cacdff2e1163ad9a0bc7fede6da1e0a0bf5
+  data.tar.gz: 1b51c4ecd913682ca233bbae1e8aa7582a3e8b5c
 SHA512:
-  metadata.gz: 9359c6eb7b7fd9920d25307d99d237d93e8fb3f47c66e16e86c858b1522edfba0a0e2787e9038a7eee2fbbd04a2514cac91b4486d5d3ab292f5e8b6636aba734
-  data.tar.gz: 87d990b0be675e94be9c9a327e379ab77c382fd55e82ef8cfe1eadb7f572eab309e2e4dbebb53c4c58fe53ef73918ce7dfb51d264121fcc1f8a5f456855d2f76
+  metadata.gz: cdf492653c8f0b3de9d55712866c8246fb03fe71ad8181b8b5adc1726da3c7120caeaa53e14ede1dc0e8c807a1c2a0611ab2daf828963ac59c68e88cff949a77
+  data.tar.gz: 51930b4e867974a431ae272cefe7c9c8f4aec67d0311eddff3dfc15f6f5617a3e69f34dbcee4c6bb9b3c097fb454d9a0bbdd13e5035489a770a93dfdabae92bc

data/CHANGELOG.md

@@ -1,34 +1,46 @@
 # Change Log
 <!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
-<!-- latest_release 2.1.72 -->
-## [v2.1.72](https://github.com/chef/inspec/tree/v2.1.72) (2018-05-10)
+<!-- latest_release 2.1.78 -->
+## [v2.1.78](https://github.com/chef/inspec/tree/v2.1.78) (2018-05-16)
 
-#### New Resources
-- Skeletal aws_ec2_instances resource [#3023](https://github.com/chef/inspec/pull/3023) ([clintoncwolfe](https://github.com/clintoncwolfe))
+#### Merged Pull Requests
+- Adds middleware dependecy for Azure [#3061](https://github.com/chef/inspec/pull/3061) ([dmccown](https://github.com/dmccown))
 <!-- latest_release -->
 
-<!-- release_rollup since=2.1.68 -->
-### Changes since 2.1.68 release
+<!-- release_rollup since=2.1.72 -->
+### Changes since 2.1.72 release
+
+#### Merged Pull Requests
+- Adds middleware dependecy for Azure [#3061](https://github.com/chef/inspec/pull/3061) ([dmccown](https://github.com/dmccown)) <!-- 2.1.78 -->
+- Add train GCP transport [#3046](https://github.com/chef/inspec/pull/3046) ([jquick](https://github.com/jquick)) <!-- 2.1.77 -->
+- Fix www build for node v10 [#3049](https://github.com/chef/inspec/pull/3049) ([miah](https://github.com/miah)) <!-- 2.1.76 -->
+- Add a passthrough for report_uuid [#3057](https://github.com/chef/inspec/pull/3057) ([jquick](https://github.com/jquick)) <!-- 2.1.75 -->
+- Updating Copy To Clipboard for ruby users InSpec installation command [#3054](https://github.com/chef/inspec/pull/3054) ([subramani95](https://github.com/subramani95)) <!-- 2.1.74 -->
+
+#### Bug Fixes
+- Fix matcher output when the args to the matcher are a hash for two resources [#3044](https://github.com/chef/inspec/pull/3044) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 2.1.73 -->
+<!-- release_rollup -->
+
+<!-- latest_stable_release -->
+## [v2.1.72](https://github.com/chef/inspec/tree/v2.1.72) (2018-05-10)
 
 #### New Resources
-- Skeletal aws_ec2_instances resource [#3023](https://github.com/chef/inspec/pull/3023) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 2.1.72 -->
+- Skeletal aws_ec2_instances resource [#3023](https://github.com/chef/inspec/pull/3023) ([clintoncwolfe](https://github.com/clintoncwolfe))
 
 #### Enhancements
-- Add git dependency to habitat plan. [#3037](https://github.com/chef/inspec/pull/3037) ([phiggins](https://github.com/phiggins)) <!-- 2.1.71 -->
+- Add git dependency to habitat plan. [#3037](https://github.com/chef/inspec/pull/3037) ([phiggins](https://github.com/phiggins))
 
 #### Bug Fixes
-- Allow the depends key to be exposed in json profiles report [#3033](https://github.com/chef/inspec/pull/3033) ([jquick](https://github.com/jquick)) <!-- 2.1.70 -->
+- Allow the depends key to be exposed in json profiles report [#3033](https://github.com/chef/inspec/pull/3033) ([jquick](https://github.com/jquick))
 
 #### Merged Pull Requests
-- Fix typo in os_env_spec [#3028](https://github.com/chef/inspec/pull/3028) ([Happycoil](https://github.com/Happycoil)) <!-- 2.1.69 -->
-<!-- release_rollup -->
-
+- Fix typo in os_env_spec [#3028](https://github.com/chef/inspec/pull/3028) ([Happycoil](https://github.com/Happycoil))
 <!-- latest_stable_release -->
+
 ## [v2.1.68](https://github.com/chef/inspec/tree/v2.1.68) (2018-05-04)
 
 #### Merged Pull Requests
 - Fix the A2 vendoring with depends on the A2 server [#3022](https://github.com/chef/inspec/pull/3022) ([jquick](https://github.com/jquick))
-<!-- latest_stable_release -->
 
 ## [v2.1.67](https://github.com/chef/inspec/tree/v2.1.67) (2018-05-03)
 

data/Gemfile

@@ -27,7 +27,7 @@ group :test do
 end
 
 group :integration do
-  gem 'berkshelf', '~> 4.3'
+  gem 'berkshelf', '~> 5.2'
   gem 'test-kitchen', '~> 1.6'
   gem 'kitchen-vagrant'
   # we need winrm v2 support >= 0.15.1

data/docs/resources/aws_cloudtrail_trail.md.erb

@@ -55,7 +55,7 @@ The following examples show how to use this InSpec audit resource.
 
 ## Properties
 
-* `s3_bucket_name`, `trail_arn`, `cloud_watch_logs_role_arn`, `cloud_watch_logs_log_group_arn`, `kms_key_id`, `home_region`, 
+* `s3_bucket_name`, `trail_arn`, `cloud_watch_logs_role_arn`, `cloud_watch_logs_log_group_arn`, `kms_key_id`, `home_region`,
 
 <br>
 
@@ -95,7 +95,7 @@ Specifies a log group name using an Amazon Resource Name (ARN), a unique identif
 
 ### kms\_key\_id
 
-Specifies the KMS key ID to used to encrypt the logs delivered by CloudTrail. 
+Specifies the KMS key ID to used to encrypt the logs delivered by CloudTrail.
 
     describe aws_cloudtrail_trail('trail-name') do
       its('kms_key_id') { should include "key-arn" }
@@ -108,11 +108,11 @@ Specifies the region in which the trail was created.
     describe aws_cloudtrail_trail('trail-name') do
       its('home_region') { should include "us-east-1" }
     end
-    
+
 ### delivered\_logs\_days\_ago
 
 Specifies the number of days ago the CloudTrail delivered logs to CloudWatch Logs.
-    
+
     # Ensure the latest delivery time was recent
     describe aws_cloudtrail_trail('trail-name') do
       its('delivered_logs_days_ago') { should eq 0 }
@@ -147,3 +147,9 @@ The test will pass if the identified trail has log file integrity validation is
     describe aws_cloudtrail_trail('trail-name') do
       it { should be_log_file_validation_enabled }
     end
+
+## AWS Permissions
+
+Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `cloudtrail:DescribeTrails` action with Effect set to Allow.
+
+You can find detailed documentation at [Actions, Resources, and Condition Keys for AWS CloudTrail](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_awscloudtrail.html).

data/docs/resources/aws_cloudtrail_trails.md.erb

@@ -77,5 +77,10 @@ The control will pass if the filter returns at least one result. Use `should_not
     # Verify that at least one CloudTrail Trail exists.
     describe aws_cloudtrail_trails
       it { should exist }
-    end   
+    end
+
+## AWS Permissions
+
+Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `cloudtrail:DescribeTrails` action with Effect set to Allow.
 
+You can find detailed documentation at [Actions, Resources, and Condition Keys for AWS CloudTrail](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_awscloudtrail.html).

data/docs/resources/aws_cloudwatch_alarm.md.erb

@@ -34,9 +34,9 @@ The following examples show how to use this InSpec audit resource.
     describe aws_cloudwatch_alarm(
       metric: 'my-metric-name',
       metric_namespace: 'my-metric-namespace',
-    ) do 
+    ) do
       its('alarm_actions') { should_not be_empty }
-    end 
+    end
 
 <br>
 
@@ -54,7 +54,7 @@ The following examples show how to use this InSpec audit resource.
     describe aws_cloudwatch_alarm(
       metric: 'bed-metric',
       metric_namespace: 'my-metric-namespace',
-    ) do 
+    ) do
       its('alarm_actions') { should_not be_empty }
     end
 
@@ -72,7 +72,7 @@ The control will pass if a Cloudwatch Alarm could be found. Use `should_not` if
     describe aws_cloudwatch_alarm(
       metric: 'good-metric',
       metric_namespace: 'my-metric-namespace',
-    ) do 
+    ) do
       it { should exist }
     end
 
@@ -80,7 +80,12 @@ The control will pass if a Cloudwatch Alarm could be found. Use `should_not` if
     describe aws_cloudwatch_alarm(
       metric: 'bed-metric',
       metric_namespace: 'my-metric-namespace',
-    ) do 
+    ) do
       it { should_not exist }
     end
 
+## AWS Permissions
+
+Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `cloudwatch:DescribeAlarmsForMetric` action with Effect set to Allow.
+
+You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon CloudWatch](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazoncloudwatch.html).

data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb

@@ -99,7 +99,7 @@ The name of the LMF within the `log_group`.
 
 The name of the log group that the LMF is watching.
 
-    # Check which log group the LMF 'error-watcher' is watching 
+    # Check which log group the LMF 'error-watcher' is watching
     describe aws_cloudwatch_log_metric_filter(
       filter_name: 'error-watcher',
     ) do
@@ -147,5 +147,8 @@ Matches (i.e., passes the test) if the resource parameters (search criteria) wer
       it { should exist }
     end
 
+## AWS Permissions
 
+Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `cloudwatch:DescribeAlarmsForMetric` action with Effect set to Allow.
 
+You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon CloudWatch](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazoncloudwatch.html).

data/docs/resources/aws_config_delivery_channel.md.erb

@@ -44,7 +44,7 @@ The following examples show how to use this InSpec audit resource.
     describe aws_config_delivery_channel(channel_name: 'my-recorder') do
       its(delivery_frequency_in_hours) { should be > 3 }
     end
-    
+
 ## Properties
 
 ### channel\_name
@@ -71,7 +71,7 @@ Provides the name of the s3 bucket that the channel sends configuration changes
     describe aws_config_delivery_channel(channel_name: 'my_channel')
       its('s3_bucket_name') { should eq 'my_bucket' }
     end
-    
+
 ### s3\_key\_prefix
 
 Provides the s3 object key prefix (or "path") under which configuration data will be recorded.
@@ -79,7 +79,7 @@ Provides the s3 object key prefix (or "path") under which configuration data wil
     describe aws_config_delivery_channel(channel_name: 'my_channel')
       its('s3_key_prefix') { should eq 'log/' }
     end
-    
+
 ### sns\_topic\_arn
 
 Provides the ARN of the SNS topic for which the channel sends notifications about configuration changes.
@@ -87,10 +87,15 @@ Provides the ARN of the SNS topic for which the channel sends notifications abou
     describe aws_config_delivery_channel(channel_name: 'my_channel')
       its('sns_topic_arn') { should eq 'arn:aws:sns:us-east-1:721741954427:sns_topic' }
     end
-    
+
 <br>
 
 ## Matchers
 
 This resource provides no matchers, aside from the standard `exist` matcher.
 
+## AWS Permissions
+
+Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `config:DescribeDeliveryChannels` action with Effect set to Allow.
+
+You can find detailed documentation at [Actions, Resources, and Condition Keys for AWS Config](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_awsconfig.html).

data/docs/resources/aws_config_recorder.md.erb

@@ -43,7 +43,7 @@ The following examples show how to use this InSpec audit resource.
     describe aws_config_recorder(recorder_name: 'my-recorder') do
       it { should be_recording }
     end
-    
+
 ## Properties
 
 ### role\_arn
@@ -53,7 +53,7 @@ Provides the IAM role arn associated with the configuration recorder.  The role
     describe aws_config_recorder(username: 'bob')
       its('role_arn') { should eq 'arn:aws:iam::721741954427:role/My_Recorder' }
     end
-    
+
 ### resource\_types
 
 Provides a list of AWS resource types for which the AWS Config records configuration will change. Note that if be_recording_all_resource_types is true than this property is meaningless and will return and empty array.
@@ -62,7 +62,7 @@ Provides a list of AWS resource types for which the AWS Config records configura
       its('resource_types') { should include 'AWS::EC2::CustomerGateway' }
       its('resource_types') { should include 'AWS::EC2::EIP' }
     end
-    
+
 <br>
 
 ## Matchers
@@ -72,10 +72,15 @@ Provides a list of AWS resource types for which the AWS Config records configura
 Indicates if the ConfigurationRecorder will record changes for all resources, regardless of type. If this is true, resource_types is ignored.
 
       it { should be_recording_all_resource_types }
-      
+
 ### be\_recording\_all\_global\_types
 
-Indicates whether the ConfigurationRecorder will record changes for global resource types (such as IAM Users).
+Indicates whether the ConfigurationRecorder will record changes for global resource types (such as [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal)s).
 
       it { should be_recording_all_global_types }
 
+## AWS Permissions
+
+Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `config:DescribeConfigurationRecorders` action with Effect set to Allow.
+
+You can find detailed documentation at [Actions, Resources, and Condition Keys for AWS Config](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_awsconfig.html).

data/docs/resources/aws_ec2_instance.md.erb

@@ -104,3 +104,9 @@ The `be_terminated` matcher tests if the described EC2 instance state is `termin
 The `be_unknown` matcher tests if the described EC2 instance state is `unknown`. This indicates an error condition in the AWS management system. This state should be temporary.
 
     it { should be_unknown }
+
+## AWS Permissions
+
+Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ec2:DescribeInstances`, and `iam:GetInstanceProfile` actions set to allow.
+
+You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).

data/docs/resources/aws_iam_access_key.md.erb

@@ -11,7 +11,7 @@ Use the `aws_iam_access_key` InSpec audit resource to test properties of a singl
 
 ## Syntax
 
-An `aws_iam_access_key` resource block declares the tests for a single AWS IAM access key. An access key is uniquely identified by its access key id. 
+An `aws_iam_access_key` resource block declares the tests for a single AWS IAM access key. An access key is uniquely identified by its access key id.
 
     # This is unique - the key will either exist or it won't, but it will never be an error.
     describe aws_iam_access_key(access_key_id: 'AKIA12345678ABCD') do
@@ -25,7 +25,7 @@ An `aws_iam_access_key` resource block declares the tests for a single AWS IAM a
     describe aws_iam_access_key(id: 'AKIA12345678ABCD') do
       # Same
     end
-    
+
 
 Access keys are associated with IAM users, who may have zero, one or two access keys. You may also lookup an access key by username. If the user has more than one access key, an error occurs (You may use `aws_iam_access_keys` with the `username` resource parameter to access a user's keys when they have multiple keys.)
 
@@ -121,3 +121,9 @@ This InSpec audit resource has the following special matchers. For a full list o
 The `be_active` matcher tests if the described IAM access key is active.
 
     it { should be_active }
+
+## AWS Permissions
+
+Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `iam:ListAccessKeys` action with Effect set to Allow.
+
+You can find detailed documentation at [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).

data/docs/resources/aws_iam_access_keys.md.erb

@@ -7,7 +7,7 @@ platform: aws
 
 Use the `aws_iam_access_keys` InSpec audit resource to test properties of some or all IAM Access Keys.
 
-To test properties of a single Access Key, use the `aws_iam_access_key` resource instead. 
+To test properties of a single Access Key, use the `aws_iam_access_key` resource instead.
 To test properties of an individual user's access keys, use the `aws_iam_user` resource.
 
 Access Keys are closely related to AWS User resources. Use this resource to perform audits of all keys or of keys specified by criteria unrelated to any particular user.
@@ -26,12 +26,12 @@ An `aws_iam_access_keys` resource block uses an optional filter to select a grou
     # Don't let fred have access keys, using filter argument syntax
     describe aws_iam_access_keys.where(username: 'fred') do
       it { should_not exist }
-    end  
+    end
 
     # Don't let fred have access keys, using filter block syntax (most flexible)
     describe aws_iam_access_keys.where { username == 'fred' } do
       it { should_not exist }
-    end    
+    end
 
 <br>
 
@@ -43,7 +43,7 @@ The following examples show how to use this InSpec audit resource.
 
     describe aws_iam_access_keys.where { created_days_ago > 90 } do
       it { should_not exist }
-    end 
+    end
 
 <br>
 
@@ -195,4 +195,10 @@ The control will pass if the filter returns at least one result. Use `should_not
     # Don't let fred have access keys
     describe aws_iam_access_keys.where(username: 'fred') do
       it { should_not exist }
-    end   
+    end
+
+## AWS Permissions
+
+Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `iam:ListAccessKeys`, and `iam:ListUsers` action with Effect set to Allow.
+
+You can find detailed documentation at [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).

data/docs/resources/aws_iam_group.md.erb

@@ -56,3 +56,9 @@ The control will pass if a group with the given group name exists.
     describe aws_iam_group('mygroup')
       it { should exist }
     end
+
+## AWS Permissions
+
+Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `iam:GetGroup` action with Effect set to Allow.
+
+You can find detailed documentation at [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).

data/docs/resources/aws_iam_groups.md.erb

@@ -32,7 +32,7 @@ As this is the initial release of `aws_iam_groups`, its limited functionality pr
 
 ## Matchers
 
-For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/). 
+For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
 
 ### exists
 
@@ -41,3 +41,9 @@ The control will pass if the filter returns at least one result. Use `should_not
     describe aws_iam_groups
       it { should exist }
     end
+
+## AWS Permissions
+
+Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `iam:ListGroups` action with Effect set to Allow.
+
+You can find detailed documentation at [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).

data/docs/resources/aws_iam_password_policy.md.erb

@@ -71,6 +71,12 @@ The following examples show how to use this InSpec audit resource.
 
 ## Matchers
 
-This resource uses the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/). 
+This resource uses the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
 
 * `allows_users_to_change_passwords`, `expire_passwords`, `prevent_password_reuse`, `require_lowercase_characters` , `require_uppercase_characters`, `require_numbers`, `require_symbols`
+
+## AWS Permissions
+
+Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `iam:GetAccountPasswordPolicy` action with Effect set to Allow.
+
+You can find detailed documentation at [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).

data/docs/resources/aws_iam_policies.md.erb

@@ -7,7 +7,7 @@ platform: aws
 
 Use the `aws_iam_policies` InSpec audit resource to test properties of some or all AWS IAM Policies.
 
-A policy is an entity in AWS that, when attached to an identity or resource, defines their permissions. AWS evaluates these policies when a principal, such as a user, makes a request. Permissions in the policies determine if the request is allowed or denied. 
+A policy is an entity in AWS that, when attached to an identity or resource, defines their permissions. AWS evaluates these policies when a principal, such as a user, makes a request. Permissions in the policies determine if the request is allowed or denied.
 
 Each IAM Policy is uniquely identified by either its `policy_name` or `arn`.
 
@@ -69,7 +69,7 @@ Provides access to the raw results of the query. This can be useful for checking
 
 ## Matchers
 
-For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/). 
+For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
 
 ### exists
 
@@ -78,5 +78,10 @@ The control will pass if the filter returns at least one result. Use `should_not
     # Verify that at least one IAM Policies exists.
     describe aws_iam_policies
       it { should exist }
-    end   
+    end
+
+## AWS Permissions
+
+Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `iam:ListPolicies` action with Effect set to Allow.
 
+You can find detailed documentation at [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).