inspec 2.3.10 → 2.3.23

Sign up to get free protection for your applications and to get access to all the features.
Files changed (271) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +34 -13
  3. data/etc/plugin_filters.json +25 -0
  4. data/inspec.gemspec +3 -3
  5. data/lib/bundles/inspec-compliance/api.rb +3 -0
  6. data/lib/bundles/inspec-compliance/configuration.rb +3 -0
  7. data/lib/bundles/inspec-compliance/http.rb +3 -0
  8. data/lib/bundles/inspec-compliance/support.rb +3 -0
  9. data/lib/bundles/inspec-compliance/target.rb +3 -0
  10. data/lib/inspec/objects/attribute.rb +3 -0
  11. data/lib/inspec/plugin/v2.rb +3 -0
  12. data/lib/inspec/plugin/v2/filter.rb +62 -0
  13. data/lib/inspec/plugin/v2/installer.rb +21 -1
  14. data/lib/inspec/plugin/v2/loader.rb +4 -0
  15. data/lib/inspec/profile.rb +3 -1
  16. data/lib/inspec/version.rb +1 -1
  17. data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +25 -3
  18. data/lib/plugins/inspec-plugin-manager-cli/test/functional/inspec-plugin_test.rb +65 -11
  19. data/lib/plugins/inspec-plugin-manager-cli/test/unit/cli_args_test.rb +5 -1
  20. data/lib/resources/package.rb +1 -1
  21. metadata +5 -253
  22. data/MAINTAINERS.toml +0 -52
  23. data/docs/.gitignore +0 -2
  24. data/docs/README.md +0 -41
  25. data/docs/dev/control-eval.md +0 -62
  26. data/docs/dev/filtertable-internals.md +0 -353
  27. data/docs/dev/filtertable-usage.md +0 -533
  28. data/docs/dev/integration-testing.md +0 -31
  29. data/docs/dev/plugins.md +0 -323
  30. data/docs/dsl_inspec.md +0 -354
  31. data/docs/dsl_resource.md +0 -100
  32. data/docs/glossary.md +0 -381
  33. data/docs/habitat.md +0 -193
  34. data/docs/inspec_and_friends.md +0 -114
  35. data/docs/matchers.md +0 -161
  36. data/docs/migration.md +0 -293
  37. data/docs/platforms.md +0 -119
  38. data/docs/plugin_kitchen_inspec.md +0 -60
  39. data/docs/plugins.md +0 -57
  40. data/docs/profiles.md +0 -576
  41. data/docs/reporters.md +0 -170
  42. data/docs/resources/aide_conf.md.erb +0 -86
  43. data/docs/resources/apache.md.erb +0 -77
  44. data/docs/resources/apache_conf.md.erb +0 -78
  45. data/docs/resources/apt.md.erb +0 -81
  46. data/docs/resources/audit_policy.md.erb +0 -57
  47. data/docs/resources/auditd.md.erb +0 -89
  48. data/docs/resources/auditd_conf.md.erb +0 -78
  49. data/docs/resources/aws_cloudtrail_trail.md.erb +0 -165
  50. data/docs/resources/aws_cloudtrail_trails.md.erb +0 -96
  51. data/docs/resources/aws_cloudwatch_alarm.md.erb +0 -101
  52. data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +0 -164
  53. data/docs/resources/aws_config_delivery_channel.md.erb +0 -111
  54. data/docs/resources/aws_config_recorder.md.erb +0 -96
  55. data/docs/resources/aws_ebs_volume.md.erb +0 -76
  56. data/docs/resources/aws_ebs_volumes.md.erb +0 -86
  57. data/docs/resources/aws_ec2_instance.md.erb +0 -122
  58. data/docs/resources/aws_ec2_instances.md.erb +0 -89
  59. data/docs/resources/aws_elb.md.erb +0 -154
  60. data/docs/resources/aws_elbs.md.erb +0 -252
  61. data/docs/resources/aws_flow_log.md.erb +0 -128
  62. data/docs/resources/aws_iam_access_key.md.erb +0 -139
  63. data/docs/resources/aws_iam_access_keys.md.erb +0 -214
  64. data/docs/resources/aws_iam_group.md.erb +0 -74
  65. data/docs/resources/aws_iam_groups.md.erb +0 -92
  66. data/docs/resources/aws_iam_password_policy.md.erb +0 -92
  67. data/docs/resources/aws_iam_policies.md.erb +0 -97
  68. data/docs/resources/aws_iam_policy.md.erb +0 -264
  69. data/docs/resources/aws_iam_role.md.erb +0 -79
  70. data/docs/resources/aws_iam_root_user.md.erb +0 -86
  71. data/docs/resources/aws_iam_user.md.erb +0 -130
  72. data/docs/resources/aws_iam_users.md.erb +0 -289
  73. data/docs/resources/aws_kms_key.md.erb +0 -187
  74. data/docs/resources/aws_kms_keys.md.erb +0 -99
  75. data/docs/resources/aws_rds_instance.md.erb +0 -76
  76. data/docs/resources/aws_route_table.md.erb +0 -63
  77. data/docs/resources/aws_route_tables.md.erb +0 -65
  78. data/docs/resources/aws_s3_bucket.md.erb +0 -156
  79. data/docs/resources/aws_s3_bucket_object.md.erb +0 -99
  80. data/docs/resources/aws_s3_buckets.md.erb +0 -69
  81. data/docs/resources/aws_security_group.md.erb +0 -323
  82. data/docs/resources/aws_security_groups.md.erb +0 -107
  83. data/docs/resources/aws_sns_subscription.md.erb +0 -140
  84. data/docs/resources/aws_sns_topic.md.erb +0 -79
  85. data/docs/resources/aws_sns_topics.md.erb +0 -68
  86. data/docs/resources/aws_subnet.md.erb +0 -150
  87. data/docs/resources/aws_subnets.md.erb +0 -142
  88. data/docs/resources/aws_vpc.md.erb +0 -135
  89. data/docs/resources/aws_vpcs.md.erb +0 -135
  90. data/docs/resources/azure_generic_resource.md.erb +0 -183
  91. data/docs/resources/azure_resource_group.md.erb +0 -294
  92. data/docs/resources/azure_virtual_machine.md.erb +0 -357
  93. data/docs/resources/azure_virtual_machine_data_disk.md.erb +0 -234
  94. data/docs/resources/bash.md.erb +0 -85
  95. data/docs/resources/bond.md.erb +0 -100
  96. data/docs/resources/bridge.md.erb +0 -67
  97. data/docs/resources/bsd_service.md.erb +0 -77
  98. data/docs/resources/chocolatey_package.md.erb +0 -68
  99. data/docs/resources/command.md.erb +0 -176
  100. data/docs/resources/cpan.md.erb +0 -89
  101. data/docs/resources/cran.md.erb +0 -74
  102. data/docs/resources/crontab.md.erb +0 -103
  103. data/docs/resources/csv.md.erb +0 -64
  104. data/docs/resources/dh_params.md.erb +0 -221
  105. data/docs/resources/directory.md.erb +0 -40
  106. data/docs/resources/docker.md.erb +0 -240
  107. data/docs/resources/docker_container.md.erb +0 -113
  108. data/docs/resources/docker_image.md.erb +0 -104
  109. data/docs/resources/docker_plugin.md.erb +0 -80
  110. data/docs/resources/docker_service.md.erb +0 -124
  111. data/docs/resources/elasticsearch.md.erb +0 -252
  112. data/docs/resources/etc_fstab.md.erb +0 -135
  113. data/docs/resources/etc_group.md.erb +0 -85
  114. data/docs/resources/etc_hosts.md.erb +0 -88
  115. data/docs/resources/etc_hosts_allow.md.erb +0 -84
  116. data/docs/resources/etc_hosts_deny.md.erb +0 -84
  117. data/docs/resources/file.md.erb +0 -543
  118. data/docs/resources/filesystem.md.erb +0 -51
  119. data/docs/resources/firewalld.md.erb +0 -117
  120. data/docs/resources/gem.md.erb +0 -108
  121. data/docs/resources/group.md.erb +0 -71
  122. data/docs/resources/grub_conf.md.erb +0 -111
  123. data/docs/resources/host.md.erb +0 -96
  124. data/docs/resources/http.md.erb +0 -207
  125. data/docs/resources/iis_app.md.erb +0 -132
  126. data/docs/resources/iis_site.md.erb +0 -145
  127. data/docs/resources/inetd_conf.md.erb +0 -104
  128. data/docs/resources/ini.md.erb +0 -86
  129. data/docs/resources/interface.md.erb +0 -68
  130. data/docs/resources/iptables.md.erb +0 -74
  131. data/docs/resources/json.md.erb +0 -73
  132. data/docs/resources/kernel_module.md.erb +0 -130
  133. data/docs/resources/kernel_parameter.md.erb +0 -63
  134. data/docs/resources/key_rsa.md.erb +0 -95
  135. data/docs/resources/launchd_service.md.erb +0 -67
  136. data/docs/resources/limits_conf.md.erb +0 -85
  137. data/docs/resources/login_defs.md.erb +0 -81
  138. data/docs/resources/mount.md.erb +0 -79
  139. data/docs/resources/mssql_session.md.erb +0 -78
  140. data/docs/resources/mysql_conf.md.erb +0 -109
  141. data/docs/resources/mysql_session.md.erb +0 -84
  142. data/docs/resources/nginx.md.erb +0 -89
  143. data/docs/resources/nginx_conf.md.erb +0 -148
  144. data/docs/resources/npm.md.erb +0 -78
  145. data/docs/resources/ntp_conf.md.erb +0 -70
  146. data/docs/resources/oneget.md.erb +0 -63
  147. data/docs/resources/oracledb_session.md.erb +0 -103
  148. data/docs/resources/os.md.erb +0 -153
  149. data/docs/resources/os_env.md.erb +0 -101
  150. data/docs/resources/package.md.erb +0 -130
  151. data/docs/resources/packages.md.erb +0 -77
  152. data/docs/resources/parse_config.md.erb +0 -113
  153. data/docs/resources/parse_config_file.md.erb +0 -148
  154. data/docs/resources/passwd.md.erb +0 -151
  155. data/docs/resources/pip.md.erb +0 -77
  156. data/docs/resources/port.md.erb +0 -147
  157. data/docs/resources/postgres_conf.md.erb +0 -89
  158. data/docs/resources/postgres_hba_conf.md.erb +0 -103
  159. data/docs/resources/postgres_ident_conf.md.erb +0 -86
  160. data/docs/resources/postgres_session.md.erb +0 -79
  161. data/docs/resources/powershell.md.erb +0 -112
  162. data/docs/resources/processes.md.erb +0 -119
  163. data/docs/resources/rabbitmq_config.md.erb +0 -51
  164. data/docs/resources/registry_key.md.erb +0 -197
  165. data/docs/resources/runit_service.md.erb +0 -67
  166. data/docs/resources/security_policy.md.erb +0 -57
  167. data/docs/resources/service.md.erb +0 -131
  168. data/docs/resources/shadow.md.erb +0 -267
  169. data/docs/resources/ssh_config.md.erb +0 -83
  170. data/docs/resources/sshd_config.md.erb +0 -93
  171. data/docs/resources/ssl.md.erb +0 -129
  172. data/docs/resources/sys_info.md.erb +0 -52
  173. data/docs/resources/systemd_service.md.erb +0 -67
  174. data/docs/resources/sysv_service.md.erb +0 -67
  175. data/docs/resources/upstart_service.md.erb +0 -67
  176. data/docs/resources/user.md.erb +0 -150
  177. data/docs/resources/users.md.erb +0 -137
  178. data/docs/resources/vbscript.md.erb +0 -65
  179. data/docs/resources/virtualization.md.erb +0 -67
  180. data/docs/resources/windows_feature.md.erb +0 -69
  181. data/docs/resources/windows_hotfix.md.erb +0 -63
  182. data/docs/resources/windows_task.md.erb +0 -95
  183. data/docs/resources/wmi.md.erb +0 -91
  184. data/docs/resources/x509_certificate.md.erb +0 -161
  185. data/docs/resources/xinetd_conf.md.erb +0 -166
  186. data/docs/resources/xml.md.erb +0 -95
  187. data/docs/resources/yaml.md.erb +0 -79
  188. data/docs/resources/yum.md.erb +0 -108
  189. data/docs/resources/zfs_dataset.md.erb +0 -63
  190. data/docs/resources/zfs_pool.md.erb +0 -57
  191. data/docs/shared/matcher_be.md.erb +0 -1
  192. data/docs/shared/matcher_cmp.md.erb +0 -43
  193. data/docs/shared/matcher_eq.md.erb +0 -3
  194. data/docs/shared/matcher_include.md.erb +0 -1
  195. data/docs/shared/matcher_match.md.erb +0 -1
  196. data/docs/shell.md +0 -217
  197. data/docs/style.md +0 -178
  198. data/examples/README.md +0 -8
  199. data/examples/custom-resource/README.md +0 -3
  200. data/examples/custom-resource/controls/example.rb +0 -7
  201. data/examples/custom-resource/inspec.yml +0 -8
  202. data/examples/custom-resource/libraries/batsignal.rb +0 -20
  203. data/examples/custom-resource/libraries/gordon.rb +0 -21
  204. data/examples/inheritance/README.md +0 -65
  205. data/examples/inheritance/controls/example.rb +0 -14
  206. data/examples/inheritance/inspec.yml +0 -16
  207. data/examples/kitchen-ansible/.kitchen.yml +0 -25
  208. data/examples/kitchen-ansible/Gemfile +0 -19
  209. data/examples/kitchen-ansible/README.md +0 -53
  210. data/examples/kitchen-ansible/files/nginx.repo +0 -6
  211. data/examples/kitchen-ansible/tasks/main.yml +0 -16
  212. data/examples/kitchen-ansible/test/integration/default/default.yml +0 -5
  213. data/examples/kitchen-ansible/test/integration/default/web_spec.rb +0 -28
  214. data/examples/kitchen-chef/.kitchen.yml +0 -20
  215. data/examples/kitchen-chef/Berksfile +0 -3
  216. data/examples/kitchen-chef/Gemfile +0 -19
  217. data/examples/kitchen-chef/README.md +0 -27
  218. data/examples/kitchen-chef/metadata.rb +0 -7
  219. data/examples/kitchen-chef/recipes/default.rb +0 -6
  220. data/examples/kitchen-chef/recipes/nginx.rb +0 -30
  221. data/examples/kitchen-chef/test/integration/default/web_spec.rb +0 -28
  222. data/examples/kitchen-puppet/.kitchen.yml +0 -23
  223. data/examples/kitchen-puppet/Gemfile +0 -20
  224. data/examples/kitchen-puppet/Puppetfile +0 -25
  225. data/examples/kitchen-puppet/README.md +0 -53
  226. data/examples/kitchen-puppet/manifests/site.pp +0 -33
  227. data/examples/kitchen-puppet/metadata.json +0 -11
  228. data/examples/kitchen-puppet/modules/.gitkeep +0 -0
  229. data/examples/kitchen-puppet/test/integration/default/web_spec.rb +0 -28
  230. data/examples/meta-profile/README.md +0 -37
  231. data/examples/meta-profile/controls/example.rb +0 -13
  232. data/examples/meta-profile/inspec.yml +0 -13
  233. data/examples/plugins/inspec-resource-lister/Gemfile +0 -12
  234. data/examples/plugins/inspec-resource-lister/LICENSE +0 -13
  235. data/examples/plugins/inspec-resource-lister/README.md +0 -62
  236. data/examples/plugins/inspec-resource-lister/Rakefile +0 -40
  237. data/examples/plugins/inspec-resource-lister/inspec-resource-lister.gemspec +0 -45
  238. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister.rb +0 -16
  239. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/cli_command.rb +0 -70
  240. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/plugin.rb +0 -55
  241. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/version.rb +0 -10
  242. data/examples/plugins/inspec-resource-lister/test/fixtures/README.md +0 -24
  243. data/examples/plugins/inspec-resource-lister/test/functional/README.md +0 -18
  244. data/examples/plugins/inspec-resource-lister/test/functional/inspec_resource_lister_test.rb +0 -110
  245. data/examples/plugins/inspec-resource-lister/test/helper.rb +0 -26
  246. data/examples/plugins/inspec-resource-lister/test/unit/README.md +0 -17
  247. data/examples/plugins/inspec-resource-lister/test/unit/cli_args_test.rb +0 -64
  248. data/examples/plugins/inspec-resource-lister/test/unit/plugin_def_test.rb +0 -51
  249. data/examples/profile-attribute.yml +0 -2
  250. data/examples/profile-attribute/README.md +0 -14
  251. data/examples/profile-attribute/controls/example.rb +0 -11
  252. data/examples/profile-attribute/inspec.yml +0 -8
  253. data/examples/profile-aws/controls/iam_password_policy_expiration.rb +0 -8
  254. data/examples/profile-aws/controls/iam_password_policy_max_age.rb +0 -8
  255. data/examples/profile-aws/controls/iam_root_user_mfa.rb +0 -8
  256. data/examples/profile-aws/controls/iam_users_access_key_age.rb +0 -8
  257. data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +0 -8
  258. data/examples/profile-aws/inspec.yml +0 -11
  259. data/examples/profile-azure/controls/azure_resource_group_example.rb +0 -24
  260. data/examples/profile-azure/controls/azure_vm_example.rb +0 -29
  261. data/examples/profile-azure/inspec.yml +0 -11
  262. data/examples/profile-sensitive/README.md +0 -29
  263. data/examples/profile-sensitive/controls/sensitive-failures.rb +0 -9
  264. data/examples/profile-sensitive/controls/sensitive.rb +0 -9
  265. data/examples/profile-sensitive/inspec.yml +0 -8
  266. data/examples/profile/README.md +0 -48
  267. data/examples/profile/controls/example.rb +0 -24
  268. data/examples/profile/controls/gordon.rb +0 -36
  269. data/examples/profile/controls/meta.rb +0 -36
  270. data/examples/profile/inspec.yml +0 -11
  271. data/examples/profile/libraries/gordon_config.rb +0 -59
@@ -1,76 +0,0 @@
1
- ---
2
- title: About the aws_ebs_volume Resource
3
- platform: aws
4
- ---
5
-
6
- # aws\_ebs\_volume
7
-
8
- Use the `aws_ebs_volume` InSpec audit resource to test properties of a single AWS EBS volume.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ## Syntax
19
-
20
- An `aws_ebs_volume` resource block declares the tests for a single AWS EBS volume by either name or id.
21
-
22
- describe aws_ebs_volume('vol-01a2349e94458a507') do
23
- it { should exist }
24
- end
25
-
26
- describe aws_ebs_volume(name: 'data-vol') do
27
- it { should be_encrypted }
28
- end
29
-
30
- <br>
31
-
32
- ## Examples
33
-
34
- The following examples show how to use this InSpec audit resource.
35
-
36
- ### Test that an EBS Volume does not exist
37
-
38
- describe aws_ebs_volume(name: 'data_vol') do
39
- it { should_not exist }
40
- end
41
-
42
- ### Test that an EBS Volume is encrypted
43
-
44
- describe aws_ebs_volume(name: 'secure_data_vol') do
45
- it { should be_encrypted }
46
- end
47
-
48
- ### Test that an EBS Volume the correct size
49
-
50
- describe aws_ebs_volume(name: 'data_vol') do
51
- its('size') { should cmp 32 }
52
- end
53
-
54
- <br>
55
-
56
- ## Properties
57
-
58
- * `availability_zone`, `encrypted`, `iops`, `kms_key_id`, `size`, `snapshot_id`, `state`, `volume_type`
59
-
60
- <br>
61
-
62
- ## Matchers
63
-
64
- This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
65
-
66
- ### be\_encrypted
67
-
68
- The `be_encrypted` matcher tests if the described EBS Volume is encrypted.
69
-
70
- it { should be_encrypted }
71
-
72
- ## AWS Permissions
73
-
74
- Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ec2:DescribeVolumes`, and `iam:GetInstanceProfile` actions set to allow.
75
-
76
- You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).
@@ -1,86 +0,0 @@
1
- ---
2
- title: About the aws_ebs_volumes Resource
3
- platform: aws
4
- ---
5
-
6
- # aws\_ebs\_volumes
7
-
8
- Use the `aws_ebs_volumes` InSpec audit resource to test properties of some or all AWS EBS volumes. To audit a single EBS volume, use `aws_ebs_volume` (singular).
9
-
10
- EBS volumes are persistent block storage volumes for use with Amazon EC2 instances in the AWS Cloud.
11
-
12
- Each EBS volume is uniquely identified by its ID.
13
-
14
- <br>
15
-
16
- ## Availability
17
-
18
- ### Installation
19
-
20
- This resource is distributed along with InSpec itself. You can use it automatically.
21
-
22
- ## Syntax
23
-
24
- An `aws_ebs_volumes` resource block collects a group of EBS volumes and then tests that group.
25
-
26
- # Ensure you have exactly 3 volumes
27
- describe aws_ebs_volumes do
28
- its('volume_ids.count') { should cmp 3 }
29
- end
30
-
31
- # Use the InSpec resource to enumerate IDs, then test in-depth using `aws_ebs_volume`.
32
- aws_ebs_volumes.volume_ids.each do |volume_id|
33
- describe aws_ebs_volume(volume_id) do
34
- it { should exist }
35
- it { should be_encrypted }
36
- its('size') { should cmp 8 }
37
- its('iops') { should cmp 100 }
38
- end
39
- end
40
-
41
- <br>
42
-
43
- ## Examples
44
-
45
- As this is the initial release of `aws_ebs_volumes`, its limited functionality precludes examples.
46
-
47
- <br>
48
-
49
- ## Filter Criteria
50
-
51
- This resource currently does not support any filter criteria; it will always fetch all volumes in the region.
52
-
53
- ## Properties
54
-
55
- ### entries
56
-
57
- Provides access to the raw results of the query, which can be treated as an array of hashes. This can be useful for checking counts and other advanced operations.
58
-
59
- # Allow at most 100 EBS volumes on the account
60
- describe aws_ebs_volumes do
61
- its('entries.count') { should be <= 100 }
62
- end
63
-
64
- ### volume_ids
65
-
66
- Provides a list of the volume ids that were found in the query.
67
-
68
- describe aws_ebs_volumes do
69
- its('volume_ids') { should include 'vol-12345678' }
70
- its('volume_ids.count') { should cmp 3 }
71
- end
72
-
73
- <br>
74
-
75
- ## Matchers
76
-
77
- For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
78
-
79
- ### exist
80
-
81
- The control will pass if the filter returns at least one result. Use `should_not` if you expect zero matches.
82
-
83
- # Verify that at least one EBS volume exists
84
- describe aws_ebs_volumes do
85
- it { should exist }
86
- end
@@ -1,122 +0,0 @@
1
- ---
2
- title: About the aws_ec2_instance Resource
3
- platform: aws
4
- ---
5
-
6
- # aws\_ec2\_instance
7
-
8
- Use the `aws_ec2_instance` InSpec audit resource to test properties of a single AWS EC2 instance.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v2.0.16 of InSpec.
21
-
22
- ## Syntax
23
-
24
- An `aws_ec2_instance` resource block declares the tests for a single AWS EC2 instance by either name or id.
25
-
26
- describe aws_ec2_instance('i-01a2349e94458a507') do
27
- it { should exist }
28
- end
29
-
30
- describe aws_ec2_instance(name: 'my-instance') do
31
- it { should be_running }
32
- end
33
-
34
- <br>
35
-
36
- ## Examples
37
-
38
- The following examples show how to use this InSpec audit resource.
39
-
40
- ### Test that an EC2 instance does not exist
41
-
42
- describe aws_ec2_instance(name: 'dev-server') do
43
- it { should_not exist }
44
- end
45
-
46
- ### Test that an EC2 instance is running
47
-
48
- describe aws_ec2_instance(name: 'prod-database') do
49
- it { should be_running }
50
- end
51
-
52
- ### Test that an EC2 instance is using the correct image ID
53
-
54
- describe aws_ec2_instance(name: 'my-instance') do
55
- its('image_id') { should eq 'ami-27a58d5c' }
56
- end
57
-
58
- ### Test that an EC2 instance has the correct tag
59
-
60
- describe aws_ec2_instance('i-090c29e4f4c165b74') do
61
- its('tags') { should include(key: 'Contact', value: 'Gilfoyle') }
62
- end
63
-
64
- <br>
65
-
66
- ## Properties
67
-
68
- * `architecture`, `client_token`, `image_id`,`instance_type`, `key_name`, `launch_time`,`private_ip_address`, `private_dns_name`, `public_dns_name`, `public_ip_address`, `root_device_type`, `root_device_name`, `security_group_ids`, `subnet_id`, `tags`,`virtualization_type`, `vpc_id`
69
-
70
- <br>
71
-
72
- ## Matchers
73
-
74
- This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
75
-
76
- ### be\_pending
77
-
78
- The `be_pending` matcher tests if the described EC2 instance state is `pending`. This indicates that an instance is provisioning. This state should be temporary.
79
-
80
- it { should be_pending }
81
-
82
- ### be\_running
83
-
84
- The `be_running` matcher tests if the described EC2 instance state is `running`. This indicates the instance is fully operational from AWS's perspective.
85
-
86
- it { should be_running }
87
-
88
- ### be\_shutting\_down
89
-
90
- The `be_shutting_down` matcher tests if the described EC2 instance state is `shutting-down`. This indicates the instance has received a termination command and is in the process of being permanently halted and de-provisioned. This state should be temporary.
91
-
92
- it { should be_shutting_down }
93
-
94
- ### be\_stopped
95
-
96
- The `be_stopped` matcher tests if the described EC2 instance state is `stopped`. This indicates that the instance is suspended and may be started again.
97
-
98
- it { should be_stopped }
99
-
100
- ### be\_stopping
101
-
102
- The `be_stopping` matcher tests if the described EC2 instance state is `stopping`. This indicates that an AWS stop command has been issued, which will suspend the instance in an OS-unaware manner. This state should be temporary.
103
-
104
- it { should be_stopping }
105
-
106
- ### be\_terminated
107
-
108
- The `be_terminated` matcher tests if the described EC2 instance state is `terminated`. This indicates the instance is permanently halted and will be removed from the instance listing in a short period. This state should be temporary.
109
-
110
- it { should be_terminated }
111
-
112
- ### be\_unknown
113
-
114
- The `be_unknown` matcher tests if the described EC2 instance state is `unknown`. This indicates an error condition in the AWS management system. This state should be temporary.
115
-
116
- it { should be_unknown }
117
-
118
- ## AWS Permissions
119
-
120
- Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ec2:DescribeInstances`, and `iam:GetInstanceProfile` actions set to allow.
121
-
122
- You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).
@@ -1,89 +0,0 @@
1
- ---
2
- title: About the aws_ec2_instances Resource
3
- platform: aws
4
- ---
5
-
6
- # aws\_ec2\_instances
7
-
8
- Use the `aws_ec2_instances` InSpec audit resource to test properties of some or all AWS EC2 instances. To audit a single EC2 instance, use `aws_ec2_instance` (singular).
9
-
10
- EC2 instances are the basic unit of computing within AWS. An instance is a virtual machine that contains a running OS, and may be created or destroyed by code.
11
-
12
- Each EC2 instance is uniquely identified by its ID.
13
-
14
- <br>
15
-
16
- ## Availability
17
-
18
- ### Installation
19
-
20
- This resource is distributed along with InSpec itself. You can use it automatically.
21
-
22
- ### Version
23
-
24
- This resource first became available in v2.1.72 of InSpec.
25
-
26
- ## Syntax
27
-
28
- An `aws_ec2_instances` resource block collects a group of EC2 Instances and then tests that group.
29
-
30
- # Ensure you have exactly 3 instances
31
- describe aws_ec2_instances do
32
- its('instance_ids.count') { should cmp 3 }
33
- end
34
-
35
- # Use the InSpec resource to enumerate IDs, then test in-depth using `aws_ec2_instance`.
36
- aws_ec2_instances.instance_ids.each do |instance_id|
37
- describe aws_ec2_instance(instance_id) do
38
- its('key_name') { should cmp 'admin-ssh-key' }
39
- end
40
- end
41
-
42
- <br>
43
-
44
- ## Examples
45
-
46
- As this is the initial release of `aws_ec2_instances`, its limited functionality precludes examples.
47
-
48
- <br>
49
-
50
- ## Filter Criteria
51
-
52
- This resource currently does not support any filter criteria; it will always fetch all instances in the region.
53
-
54
- ## Properties
55
-
56
- ### entries
57
-
58
- Provides access to the raw results of the query, which can be treated as an array of hashes. This can be useful for checking counts and other advanced operations.
59
-
60
- # Allow at most 100 EC2 Instances on the account
61
- describe aws_ec2_instances do
62
- its('entries.count') { should be <= 100}
63
- end
64
-
65
-
66
- ### instance_ids
67
-
68
- Provides a list of the instance ids that were found in the query.
69
-
70
- describe aws_ec2_instances do
71
- its('instance_ids') { should include('i-12345678') }
72
- its('instance_ids.count') { should cmp 3) }
73
- end
74
-
75
- <br>
76
-
77
- ## Matchers
78
-
79
- For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
80
-
81
- ### exist
82
-
83
- The control will pass if the filter returns at least one result. Use `should_not` if you expect zero matches.
84
-
85
- # Verify that at least one EC2 Instance exists.
86
- describe aws_ec2_instances
87
- it { should exist }
88
- end
89
-
@@ -1,154 +0,0 @@
1
- ---
2
- title: About the aws_elb Resource
3
- platform: aws
4
- ---
5
-
6
- # aws\_elb
7
-
8
- Use the `aws_elb` InSpec audit resource to test properties of a single AWS Elastic Load Balancer (ELB, also known as a Classic Load Balancer).
9
-
10
- To audit ELBs in bulk or to search, use `aws_elbs` (plural).
11
-
12
- <br>
13
-
14
- ## Availability
15
-
16
- ### Installation
17
-
18
- This resource is distributed along with InSpec itself. You can use it automatically.
19
-
20
- ### Version
21
-
22
- This resource first became available in v2.2.10 of InSpec.
23
-
24
- ## Resource Parameters
25
-
26
- An `aws_elb` resource block declares the tests for a single AWS ELB by ELB name.
27
-
28
- describe aws_elb('my-elb') do
29
- it { should exist }
30
- end
31
-
32
- describe aws_elb(elb_name: 'my-elb') do
33
- its('instance_ids.count') { should cmp 2 }
34
- end
35
-
36
- <br>
37
-
38
- ## Examples
39
-
40
- The following examples show how to use this InSpec audit resource.
41
-
42
- ### Test that an ELB does not exist
43
-
44
- describe aws_elb('bad-elb') do
45
- it { should_not exist }
46
- end
47
-
48
- ### Test that an ELB has a presence in at least two availability zones
49
-
50
- describe aws_elb('web') do
51
- its('availability_zones.count') { should be > 1 }
52
- end
53
-
54
- <br>
55
-
56
- ## Properties
57
-
58
- ### availability\_zones
59
-
60
- Returns an array of strings identifying which availability zones in which the load balancer is located.
61
-
62
- # Verify we are in both us-east-2a and us-east-2b
63
- describe aws_elb('web-elb') do
64
- its('availability_zones') { should include 'us-east-2a' }
65
- its('availability_zones') { should include 'us-east-2b' }
66
- end
67
-
68
- ### dns\_name
69
-
70
- Returns the FQDN of the load balancer. This is the hostname which is exposed to the world.
71
-
72
- # Ensure that the ELB has a DNS name
73
- describe aws_elb('web-elb') do
74
- its('dns_name') { should match /\.com/ }
75
- end
76
-
77
- ### elb\_name
78
-
79
- The name of the ELB within AWS. The ELB name is unique within the region.
80
-
81
- # Ensure that the ELB's name is what we said it was
82
- describe aws_elb('web-elb') do
83
- its('elb_name') { should match /web-elb/ }
84
- end
85
-
86
- ### external\_ports
87
-
88
- Returns an array of integers reflecting the public-facing ports on which the load balancer will be listening for traffic.
89
-
90
- # Ensure that we are listening on port 80 and nothing else
91
- describe aws_elb('web-elb') do
92
- its('external_ports') { should include 80 }
93
- its('external_ports.count') { should cmp 1 }
94
- end
95
-
96
- ### instance\_ids
97
-
98
- Returns an array of strings reflecting the instance IDs of the EC2 instances attached to the ELB.
99
-
100
- # Ensure that a specific instance is attached
101
- describe aws_elb('web-elb') do
102
- its('instance_ids') { should include 'i-12345678' }
103
- end
104
-
105
-
106
- ### internal\_ports
107
-
108
- Returns an array of integers reflecting the EC2-facing ports on which the load balancer will be sending traffic to.
109
-
110
- # Ensure that we are sending traffic to port 80 on the instances and nothing else
111
- describe aws_elb('web-elb') do
112
- its('internal_ports') { should include 80 }
113
- its('internal_ports.count') { should cmp 1 }
114
- end
115
-
116
- ### security\_group\_ids
117
-
118
- Returns an array of strings reflecting the security group IDs (firewall rule sets) assigned to the ELB.
119
-
120
- # Ensure that a specific SG ID is assigned
121
- describe aws_elb('web-elb') do
122
- its('security_group_ids') { should include 'sg-12345678' }
123
- end
124
-
125
- ### subnet\_ids
126
-
127
- Returns an array of strings reflecting the subnet IDs on which the ELB is located.
128
-
129
- # Ensure that the ELB is on a specific subnet
130
- describe aws_elb('web-elb') do
131
- its('subnet_ids') { should include 'subnet-12345678' }
132
- end
133
-
134
- ### vpc\_id
135
-
136
- Returns a String reflecting the ID of the VPC in which the ELB is located.
137
-
138
- # Ensure that the ELB is on a specific VPC
139
- describe aws_elb('web-elb') do
140
- its('vpc_id') { should cmp 'vpc-12345678' }
141
- end
142
-
143
- <br>
144
-
145
- ## Matchers
146
-
147
- This InSpec audit resource has no special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
148
-
149
-
150
- ## AWS Permissions
151
-
152
- Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `elasticloadbalancing:DescribeLoadBalancers` action set to Allow.
153
-
154
- You can find detailed documentation at [Authentication and Access Control for Your Load Balancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/load-balancer-authentication-access-control.html)