RubyGems - inspec - Versions diffs - 2.3.10 → 2.3.23 - Mend

inspec 2.3.10 → 2.3.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (271) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +34 -13
data/etc/plugin_filters.json +25 -0
data/inspec.gemspec +3 -3
data/lib/bundles/inspec-compliance/api.rb +3 -0
data/lib/bundles/inspec-compliance/configuration.rb +3 -0
data/lib/bundles/inspec-compliance/http.rb +3 -0
data/lib/bundles/inspec-compliance/support.rb +3 -0
data/lib/bundles/inspec-compliance/target.rb +3 -0
data/lib/inspec/objects/attribute.rb +3 -0
data/lib/inspec/plugin/v2.rb +3 -0
data/lib/inspec/plugin/v2/filter.rb +62 -0
data/lib/inspec/plugin/v2/installer.rb +21 -1
data/lib/inspec/plugin/v2/loader.rb +4 -0
data/lib/inspec/profile.rb +3 -1
data/lib/inspec/version.rb +1 -1
data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +25 -3
data/lib/plugins/inspec-plugin-manager-cli/test/functional/inspec-plugin_test.rb +65 -11
data/lib/plugins/inspec-plugin-manager-cli/test/unit/cli_args_test.rb +5 -1
data/lib/resources/package.rb +1 -1
metadata +5 -253
data/MAINTAINERS.toml +0 -52
data/docs/.gitignore +0 -2
data/docs/README.md +0 -41
data/docs/dev/control-eval.md +0 -62
data/docs/dev/filtertable-internals.md +0 -353
data/docs/dev/filtertable-usage.md +0 -533
data/docs/dev/integration-testing.md +0 -31
data/docs/dev/plugins.md +0 -323
data/docs/dsl_inspec.md +0 -354
data/docs/dsl_resource.md +0 -100
data/docs/glossary.md +0 -381
data/docs/habitat.md +0 -193
data/docs/inspec_and_friends.md +0 -114
data/docs/matchers.md +0 -161
data/docs/migration.md +0 -293
data/docs/platforms.md +0 -119
data/docs/plugin_kitchen_inspec.md +0 -60
data/docs/plugins.md +0 -57
data/docs/profiles.md +0 -576
data/docs/reporters.md +0 -170
data/docs/resources/aide_conf.md.erb +0 -86
data/docs/resources/apache.md.erb +0 -77
data/docs/resources/apache_conf.md.erb +0 -78
data/docs/resources/apt.md.erb +0 -81
data/docs/resources/audit_policy.md.erb +0 -57
data/docs/resources/auditd.md.erb +0 -89
data/docs/resources/auditd_conf.md.erb +0 -78
data/docs/resources/aws_cloudtrail_trail.md.erb +0 -165
data/docs/resources/aws_cloudtrail_trails.md.erb +0 -96
data/docs/resources/aws_cloudwatch_alarm.md.erb +0 -101
data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +0 -164
data/docs/resources/aws_config_delivery_channel.md.erb +0 -111
data/docs/resources/aws_config_recorder.md.erb +0 -96
data/docs/resources/aws_ebs_volume.md.erb +0 -76
data/docs/resources/aws_ebs_volumes.md.erb +0 -86
data/docs/resources/aws_ec2_instance.md.erb +0 -122
data/docs/resources/aws_ec2_instances.md.erb +0 -89
data/docs/resources/aws_elb.md.erb +0 -154
data/docs/resources/aws_elbs.md.erb +0 -252
data/docs/resources/aws_flow_log.md.erb +0 -128
data/docs/resources/aws_iam_access_key.md.erb +0 -139
data/docs/resources/aws_iam_access_keys.md.erb +0 -214
data/docs/resources/aws_iam_group.md.erb +0 -74
data/docs/resources/aws_iam_groups.md.erb +0 -92
data/docs/resources/aws_iam_password_policy.md.erb +0 -92
data/docs/resources/aws_iam_policies.md.erb +0 -97
data/docs/resources/aws_iam_policy.md.erb +0 -264
data/docs/resources/aws_iam_role.md.erb +0 -79
data/docs/resources/aws_iam_root_user.md.erb +0 -86
data/docs/resources/aws_iam_user.md.erb +0 -130
data/docs/resources/aws_iam_users.md.erb +0 -289
data/docs/resources/aws_kms_key.md.erb +0 -187
data/docs/resources/aws_kms_keys.md.erb +0 -99
data/docs/resources/aws_rds_instance.md.erb +0 -76
data/docs/resources/aws_route_table.md.erb +0 -63
data/docs/resources/aws_route_tables.md.erb +0 -65
data/docs/resources/aws_s3_bucket.md.erb +0 -156
data/docs/resources/aws_s3_bucket_object.md.erb +0 -99
data/docs/resources/aws_s3_buckets.md.erb +0 -69
data/docs/resources/aws_security_group.md.erb +0 -323
data/docs/resources/aws_security_groups.md.erb +0 -107
data/docs/resources/aws_sns_subscription.md.erb +0 -140
data/docs/resources/aws_sns_topic.md.erb +0 -79
data/docs/resources/aws_sns_topics.md.erb +0 -68
data/docs/resources/aws_subnet.md.erb +0 -150
data/docs/resources/aws_subnets.md.erb +0 -142
data/docs/resources/aws_vpc.md.erb +0 -135
data/docs/resources/aws_vpcs.md.erb +0 -135
data/docs/resources/azure_generic_resource.md.erb +0 -183
data/docs/resources/azure_resource_group.md.erb +0 -294
data/docs/resources/azure_virtual_machine.md.erb +0 -357
data/docs/resources/azure_virtual_machine_data_disk.md.erb +0 -234
data/docs/resources/bash.md.erb +0 -85
data/docs/resources/bond.md.erb +0 -100
data/docs/resources/bridge.md.erb +0 -67
data/docs/resources/bsd_service.md.erb +0 -77
data/docs/resources/chocolatey_package.md.erb +0 -68
data/docs/resources/command.md.erb +0 -176
data/docs/resources/cpan.md.erb +0 -89
data/docs/resources/cran.md.erb +0 -74
data/docs/resources/crontab.md.erb +0 -103
data/docs/resources/csv.md.erb +0 -64
data/docs/resources/dh_params.md.erb +0 -221
data/docs/resources/directory.md.erb +0 -40
data/docs/resources/docker.md.erb +0 -240
data/docs/resources/docker_container.md.erb +0 -113
data/docs/resources/docker_image.md.erb +0 -104
data/docs/resources/docker_plugin.md.erb +0 -80
data/docs/resources/docker_service.md.erb +0 -124
data/docs/resources/elasticsearch.md.erb +0 -252
data/docs/resources/etc_fstab.md.erb +0 -135
data/docs/resources/etc_group.md.erb +0 -85
data/docs/resources/etc_hosts.md.erb +0 -88
data/docs/resources/etc_hosts_allow.md.erb +0 -84
data/docs/resources/etc_hosts_deny.md.erb +0 -84
data/docs/resources/file.md.erb +0 -543
data/docs/resources/filesystem.md.erb +0 -51
data/docs/resources/firewalld.md.erb +0 -117
data/docs/resources/gem.md.erb +0 -108
data/docs/resources/group.md.erb +0 -71
data/docs/resources/grub_conf.md.erb +0 -111
data/docs/resources/host.md.erb +0 -96
data/docs/resources/http.md.erb +0 -207
data/docs/resources/iis_app.md.erb +0 -132
data/docs/resources/iis_site.md.erb +0 -145
data/docs/resources/inetd_conf.md.erb +0 -104
data/docs/resources/ini.md.erb +0 -86
data/docs/resources/interface.md.erb +0 -68
data/docs/resources/iptables.md.erb +0 -74
data/docs/resources/json.md.erb +0 -73
data/docs/resources/kernel_module.md.erb +0 -130
data/docs/resources/kernel_parameter.md.erb +0 -63
data/docs/resources/key_rsa.md.erb +0 -95
data/docs/resources/launchd_service.md.erb +0 -67
data/docs/resources/limits_conf.md.erb +0 -85
data/docs/resources/login_defs.md.erb +0 -81
data/docs/resources/mount.md.erb +0 -79
data/docs/resources/mssql_session.md.erb +0 -78
data/docs/resources/mysql_conf.md.erb +0 -109
data/docs/resources/mysql_session.md.erb +0 -84
data/docs/resources/nginx.md.erb +0 -89
data/docs/resources/nginx_conf.md.erb +0 -148
data/docs/resources/npm.md.erb +0 -78
data/docs/resources/ntp_conf.md.erb +0 -70
data/docs/resources/oneget.md.erb +0 -63
data/docs/resources/oracledb_session.md.erb +0 -103
data/docs/resources/os.md.erb +0 -153
data/docs/resources/os_env.md.erb +0 -101
data/docs/resources/package.md.erb +0 -130
data/docs/resources/packages.md.erb +0 -77
data/docs/resources/parse_config.md.erb +0 -113
data/docs/resources/parse_config_file.md.erb +0 -148
data/docs/resources/passwd.md.erb +0 -151
data/docs/resources/pip.md.erb +0 -77
data/docs/resources/port.md.erb +0 -147
data/docs/resources/postgres_conf.md.erb +0 -89
data/docs/resources/postgres_hba_conf.md.erb +0 -103
data/docs/resources/postgres_ident_conf.md.erb +0 -86
data/docs/resources/postgres_session.md.erb +0 -79
data/docs/resources/powershell.md.erb +0 -112
data/docs/resources/processes.md.erb +0 -119
data/docs/resources/rabbitmq_config.md.erb +0 -51
data/docs/resources/registry_key.md.erb +0 -197
data/docs/resources/runit_service.md.erb +0 -67
data/docs/resources/security_policy.md.erb +0 -57
data/docs/resources/service.md.erb +0 -131
data/docs/resources/shadow.md.erb +0 -267
data/docs/resources/ssh_config.md.erb +0 -83
data/docs/resources/sshd_config.md.erb +0 -93
data/docs/resources/ssl.md.erb +0 -129
data/docs/resources/sys_info.md.erb +0 -52
data/docs/resources/systemd_service.md.erb +0 -67
data/docs/resources/sysv_service.md.erb +0 -67
data/docs/resources/upstart_service.md.erb +0 -67
data/docs/resources/user.md.erb +0 -150
data/docs/resources/users.md.erb +0 -137
data/docs/resources/vbscript.md.erb +0 -65
data/docs/resources/virtualization.md.erb +0 -67
data/docs/resources/windows_feature.md.erb +0 -69
data/docs/resources/windows_hotfix.md.erb +0 -63
data/docs/resources/windows_task.md.erb +0 -95
data/docs/resources/wmi.md.erb +0 -91
data/docs/resources/x509_certificate.md.erb +0 -161
data/docs/resources/xinetd_conf.md.erb +0 -166
data/docs/resources/xml.md.erb +0 -95
data/docs/resources/yaml.md.erb +0 -79
data/docs/resources/yum.md.erb +0 -108
data/docs/resources/zfs_dataset.md.erb +0 -63
data/docs/resources/zfs_pool.md.erb +0 -57
data/docs/shared/matcher_be.md.erb +0 -1
data/docs/shared/matcher_cmp.md.erb +0 -43
data/docs/shared/matcher_eq.md.erb +0 -3
data/docs/shared/matcher_include.md.erb +0 -1
data/docs/shared/matcher_match.md.erb +0 -1
data/docs/shell.md +0 -217
data/docs/style.md +0 -178
data/examples/README.md +0 -8
data/examples/custom-resource/README.md +0 -3
data/examples/custom-resource/controls/example.rb +0 -7
data/examples/custom-resource/inspec.yml +0 -8
data/examples/custom-resource/libraries/batsignal.rb +0 -20
data/examples/custom-resource/libraries/gordon.rb +0 -21
data/examples/inheritance/README.md +0 -65
data/examples/inheritance/controls/example.rb +0 -14
data/examples/inheritance/inspec.yml +0 -16
data/examples/kitchen-ansible/.kitchen.yml +0 -25
data/examples/kitchen-ansible/Gemfile +0 -19
data/examples/kitchen-ansible/README.md +0 -53
data/examples/kitchen-ansible/files/nginx.repo +0 -6
data/examples/kitchen-ansible/tasks/main.yml +0 -16
data/examples/kitchen-ansible/test/integration/default/default.yml +0 -5
data/examples/kitchen-ansible/test/integration/default/web_spec.rb +0 -28
data/examples/kitchen-chef/.kitchen.yml +0 -20
data/examples/kitchen-chef/Berksfile +0 -3
data/examples/kitchen-chef/Gemfile +0 -19
data/examples/kitchen-chef/README.md +0 -27
data/examples/kitchen-chef/metadata.rb +0 -7
data/examples/kitchen-chef/recipes/default.rb +0 -6
data/examples/kitchen-chef/recipes/nginx.rb +0 -30
data/examples/kitchen-chef/test/integration/default/web_spec.rb +0 -28
data/examples/kitchen-puppet/.kitchen.yml +0 -23
data/examples/kitchen-puppet/Gemfile +0 -20
data/examples/kitchen-puppet/Puppetfile +0 -25
data/examples/kitchen-puppet/README.md +0 -53
data/examples/kitchen-puppet/manifests/site.pp +0 -33
data/examples/kitchen-puppet/metadata.json +0 -11
data/examples/kitchen-puppet/modules/.gitkeep +0 -0
data/examples/kitchen-puppet/test/integration/default/web_spec.rb +0 -28
data/examples/meta-profile/README.md +0 -37
data/examples/meta-profile/controls/example.rb +0 -13
data/examples/meta-profile/inspec.yml +0 -13
data/examples/plugins/inspec-resource-lister/Gemfile +0 -12
data/examples/plugins/inspec-resource-lister/LICENSE +0 -13
data/examples/plugins/inspec-resource-lister/README.md +0 -62
data/examples/plugins/inspec-resource-lister/Rakefile +0 -40
data/examples/plugins/inspec-resource-lister/inspec-resource-lister.gemspec +0 -45
data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister.rb +0 -16
data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/cli_command.rb +0 -70
data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/plugin.rb +0 -55
data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/version.rb +0 -10
data/examples/plugins/inspec-resource-lister/test/fixtures/README.md +0 -24
data/examples/plugins/inspec-resource-lister/test/functional/README.md +0 -18
data/examples/plugins/inspec-resource-lister/test/functional/inspec_resource_lister_test.rb +0 -110
data/examples/plugins/inspec-resource-lister/test/helper.rb +0 -26
data/examples/plugins/inspec-resource-lister/test/unit/README.md +0 -17
data/examples/plugins/inspec-resource-lister/test/unit/cli_args_test.rb +0 -64
data/examples/plugins/inspec-resource-lister/test/unit/plugin_def_test.rb +0 -51
data/examples/profile-attribute.yml +0 -2
data/examples/profile-attribute/README.md +0 -14
data/examples/profile-attribute/controls/example.rb +0 -11
data/examples/profile-attribute/inspec.yml +0 -8
data/examples/profile-aws/controls/iam_password_policy_expiration.rb +0 -8
data/examples/profile-aws/controls/iam_password_policy_max_age.rb +0 -8
data/examples/profile-aws/controls/iam_root_user_mfa.rb +0 -8
data/examples/profile-aws/controls/iam_users_access_key_age.rb +0 -8
data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +0 -8
data/examples/profile-aws/inspec.yml +0 -11
data/examples/profile-azure/controls/azure_resource_group_example.rb +0 -24
data/examples/profile-azure/controls/azure_vm_example.rb +0 -29
data/examples/profile-azure/inspec.yml +0 -11
data/examples/profile-sensitive/README.md +0 -29
data/examples/profile-sensitive/controls/sensitive-failures.rb +0 -9
data/examples/profile-sensitive/controls/sensitive.rb +0 -9
data/examples/profile-sensitive/inspec.yml +0 -8
data/examples/profile/README.md +0 -48
data/examples/profile/controls/example.rb +0 -24
data/examples/profile/controls/gordon.rb +0 -36
data/examples/profile/controls/meta.rb +0 -36
data/examples/profile/inspec.yml +0 -11
data/examples/profile/libraries/gordon_config.rb +0 -59

data/docs/resources/aws_iam_access_keys.md.erb DELETED Viewed

@@ -1,214 +0,0 @@
----
-title: About the aws_iam_access_keys Resource
-platform: aws
----
-# aws\_iam\_access\_keys
-Use the `aws_iam_access_keys` InSpec audit resource to test properties of some or all IAM Access Keys.
-To test properties of a single Access Key, use the `aws_iam_access_key` resource instead.
-To test properties of an individual user's access keys, use the `aws_iam_user` resource.
-Access Keys are closely related to AWS User resources. Use this resource to perform audits of all keys or of keys specified by criteria unrelated to any particular user.
-<br>
-## Availability
-### Installation
-This resource is distributed along with InSpec itself. You can use it automatically.
-### Version
-This resource first became available in v2.0.16 of InSpec.
-## Syntax
-An `aws_iam_access_keys` resource block uses an optional filter to select a group of access keys and then tests that group.
-    # Do not allow any access keys
-    describe aws_iam_access_keys do
-      it { should_not exist }
-    end
-    # Don't let fred have access keys, using filter argument syntax
-    describe aws_iam_access_keys.where(username: 'fred') do
-      it { should_not exist }
-    end
-    # Don't let fred have access keys, using filter block syntax (most flexible)
-    describe aws_iam_access_keys.where { username == 'fred' } do
-      it { should_not exist }
-    end
-<br>
-## Examples
-The following examples show how to use this InSpec audit resource.
-### Disallow access keys created more than 90 days ago
-    describe aws_iam_access_keys.where { created_days_ago > 90 } do
-      it { should_not exist }
-    end
-<br>
-## Filter Criteria
-* `active`, `create_date`, `created_days_ago`, `created_hours_ago`, `created_with_user`, `ever_used`, `inactive`, `last_used_date`, `last_used_hours_ago`, `last_used_days_ago`, `never_used`, `user_created_date`
-<br>
-## Filter Examples
-### active
-A true / false value indicating if an Access Key is currently "Active" (the normal state) in the AWS console. See also: `inactive`.
-    # Check if a particular key is enabled
-    describe aws_iam_access_keys.where { active } do
-      its('access_key_ids') { should include('AKIA1234567890ABCDEF')}
-    end
-### create\_date
-A DateTime identifying when the Access Key was created. See also `created_days_ago` and `created_hours_ago`.
-    # Detect keys older than 2017
-    describe aws_iam_access_keys.where { create_date < DateTime.parse('2017-01-01') } do
-      it { should_not exist }
-    end
-### created\_days\_ago, created\_hours\_ago
-An integer, representing how old the access key is.
-    # Don't allow keys that are older than 90 days
-    describe aws_iam_access_keys.where { created_days_ago > 90 } do
-      it { should_not exist }
-    end
-### created\_with\_user
-A true / false value indicating if the Access Key was likely created at the same time as the user, by checking if the difference between created_date and user_created_date is less than 1 hour.
-    # Do not automatically create keys for users
-    describe aws_iam_access_keys.where { created_with_user } do
-      it { should_not exist }
-    end
-### ever\_used
-A true / false value indicating if the Access Key has ever been used, based on the last_used_date. See also: `never_used`.
-    # Check to see if a particular key has ever been used
-    describe aws_iam_access_keys.where { ever_used } do
-      its('access_key_ids') { should include('AKIA1234567890ABCDEF')}
-    end
-### inactive
-A true / false value indicating if the Access Key has been marked Inactive in the AWS console. See also: `active`.
-    # Don't leave inactive keys laying around
-    describe aws_iam_access_keys.where { inactive } do
-      it { should_not exist }
-    end
-### last\_used\_date
-A DateTime identifying when the Access Key was last used. Returns nil if the key has never been used. See also: `ever_used`, `last_used_days_ago`, `last_used_hours_ago`, and `never_used`.
-    # No one should do anything on Mondays
-    describe aws_iam_access_keys.where { ever_used and last_used_date.monday? } do
-      it { should_not exist }
-    end
-### last\_used\_days\_ago, last\_used\_hours\_ago
-An integer representing when the key was last used. See also: `ever_used`, `last_used_date`, and `never_used`.
-    # Don't allow keys that sit unused for more than 90 days
-    describe aws_iam_access_keys.where { last_used_days_ago > 90 } do
-      it { should_not exist }
-    end
-### never\_used
-A true / false value indicating if the Access Key has never been used, based on the `last_used_date`. See also: `ever_used`.
-    # Don't allow unused keys to lay around
-    describe aws_iam_access_keys.where { never_used } do
-      it { should_not exist }
-    end
-### username
-Searches for access keys owned by the named user. Each user may have zero, one, or two access keys.
-    describe aws_iam_access_keys(username: 'bob') do
-      it { should exist }
-    end
-### user\_created\_date
-The date at which the user was created.
-    # Users have to be a week old to have a key
-    describe aws_iam_access_keys.where { user_created_date > Date.now - 7 }
-      it { should_not exist }
-    end
-<br>
-## Properties
-* `access_key_ids`, `entries`
-## Property Examples
-### access\_key\_ids
-Provides a list of all access key IDs matched.
-    describe aws_iam_access_keys do
-      its('access_key_ids') { should include('AKIA1234567890ABCDEF') }
-    end
-### entries
-Provides access to the raw results of the query. This can be useful for checking counts and other advanced operations.
-    # Allow at most 100 access keys on the account
-    describe aws_iam_access_keys do
-      its('entries.count') { should be <= 100}
-    end
-<br>
-## Matchers
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-### exists
-The control will pass if the filter returns at least one result. Use `should_not` if you expect zero matches.
-    # Sally should have at least one access key
-    describe aws_iam_access_keys.where(username: 'sally') do
-      it { should exist }
-    end
-    # Don't let fred have access keys
-    describe aws_iam_access_keys.where(username: 'fred') do
-      it { should_not exist }
-    end
-## AWS Permissions
-Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `iam:ListAccessKeys`, and `iam:ListUsers` action with Effect set to Allow.
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).

data/docs/resources/aws_iam_group.md.erb DELETED Viewed

@@ -1,74 +0,0 @@
----
-title: About the aws_iam_group Resource
-platform: aws
----
-# aws\_iam\_group
-Use the `aws_iam_group` InSpec audit resource to test properties of a single IAM group.
-To test properties of multiple or all groups, use the `aws_iam_groups` resource.
-<br>
-## Availability
-### Installation
-This resource is distributed along with InSpec itself. You can use it automatically.
-### Version
-This resource first became available in v2.0.16 of InSpec.
-## Syntax
-An `aws_iam_group` resource block identifies a group by group name.
-    # Find a group by group name
-    describe aws_iam_group('mygroup') do
-      it { should exist }
-    end
-    # Hash syntax for group name
-    describe aws_iam_group(group_name: 'mygroup') do
-      it { should exist }
-    end
-<br>
-## Examples
-The following examples show how to use this InSpec audit resource.
-As this is the initial release of `aws_iam_group`, its limited functionality precludes examples.
-<br>
-## Properties
-### users
-Provides a list of the users that are attached to the group
-    describe aws_iam_group('mygroup')
-      its('users') { should include 'iam_user_name' }
-    end
-<br>
-## Matchers
-### exists
-The control will pass if a group with the given group name exists.
-    describe aws_iam_group('mygroup')
-      it { should exist }
-    end
-## AWS Permissions
-Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `iam:GetGroup` action with Effect set to Allow.
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).

data/docs/resources/aws_iam_groups.md.erb DELETED Viewed

@@ -1,92 +0,0 @@
----
-title: About the aws_iam_groups Resource
-platform: aws
----
-# aws\_iam\_groups
-Use the `aws_iam_groups` InSpec audit resource to test properties of all or multiple groups.
-To test properties of a single group, use the `aws_iam_group` resource.
-<br>
-## Availability
-### Installation
-This resource is distributed along with InSpec itself. You can use it automatically.
-### Version
-This resource first became available in v2.0.16 of InSpec.
-## Syntax
-An `aws_iam_groups` resource block uses an optional filter to select a collection of IAM groups and then tests that collection.
-    # The control will pass if the filter returns at least one result. Use `should_not` if you expect zero matches.
-    describe aws_iam_groups do
-      it { should exist }
-    end
-<br>
-## Examples
-The following examples show how to use this InSpec audit resource.
-As this is the initial release of `aws_iam_groups`, its limited functionality precludes examples.
-<br>
-## Filter Criteria
-### group_name
-Filters the IAM groups by their group name, a string.  If you know the exact group name, use `aws_iam_group` (singular) instead.  This criteria may be used when you know a pattern of the name.
-    # Use a regex to find groups ending with 'Admins'
-    describe aws_iam_groups.where(group_name: /Admins$/) do
-      its('group_names') { should include 'FriendlyAdmins' }
-      its('group_names') { shoud_not include 'ShunnedAdmins' }
-    end
-## Properties
-### group_names
-An Array of Strings, reflecting the IAM group names matched by the filter.  If no groups matched, this will be empty.  You can also use this with `aws_iam_group` to enumerate groups.
-    # Check for friendly people
-    describe aws_iam_groups.where(group_name: /Admins$/) do
-      its('group_names') { should include 'FriendlyAdmins' }
-      its('group_names') { should include 'KindAdmins' }
-    end
-    # Use to loop and fetch groups individually for auditing in detail
-    # Without a `where`, this fetches all groups
-    aws_iam_groups.group_names.each do |group_names|
-      # A roundabout way of saying "bob should not be in any groups"
-      describe aws_iam_group(group_name) do
-        its('users') { should_not include 'bob' }
-      end
-    end
-## Matchers
-This resource has no resource-specific matchers.  For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
-### exists
-The control will pass if the filter returns at least one result. Use `should_not` if you expect zero matches.
-    describe aws_iam_groups
-      it { should exist }
-    end
-## AWS Permissions
-Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `iam:ListGroups` action with Effect set to Allow.
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).

data/docs/resources/aws_iam_password_policy.md.erb DELETED Viewed

@@ -1,92 +0,0 @@
----
-title: About the aws_iam_password_policy Resource
-platform: aws
----
-# aws\_iam\_password\_policy
-Use the `aws_iam_password_policy` InSpec audit resource to test properties of the AWS IAM Password Policy.
-<br>
-## Availability
-### Installation
-This resource is distributed along with InSpec itself. You can use it automatically.
-### Version
-This resource first became available in v2.0.16 of InSpec.
-## Syntax
-An `aws_iam_password_policy` resource block takes no parameters. Several properties and matchers are available.
-    describe aws_iam_password_policy do
-      it { should require_lowercase_characters }
-    end
-<br>
-## Properties
-* `max_password_age_in_days`, `minimum_password_length`, `number_of_passwords_to_remember`
-## Examples
-The following examples show how to use this InSpec audit resource.
-### Test that the IAM Password Policy requires lowercase characters, uppercase characters, numbers, symbols, and a minimum length greater than eight
-    describe aws_iam_password_policy do
-      it { should require_lowercase_characters }
-      it { should require_uppercase_characters }
-      it { should require_symbols }
-      it { should require_numbers }
-      its('minimum_password_length') { should be > 8 }
-    end
-### Test that the IAM Password Policy allows users to change their password
-    describe aws_iam_password_policy do
-      it { should allow_users_to_change_passwords }
-    end
-### Test that the IAM Password Policy expires passwords
-    describe aws_iam_password_policy do
-      it { should expire_passwords }
-    end
-### Test that the IAM Password Policy has a max password age
-    describe aws_iam_password_policy do
-      its('max_password_age_in_days') { should be 90 }
-    end
-### Test that the IAM Password Policy prevents password reuse
-    describe aws_iam_password_policy do
-      it { should prevent_password_reuse }
-    end
-### Test that the IAM Password Policy requires users to remember 3 previous passwords
-    describe aws_iam_password_policy do
-      its('number_of_passwords_to_remember') { should eq 3 }
-    end
-<br>
-## Matchers
-This resource uses the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-* `allows_users_to_change_passwords`, `expire_passwords`, `prevent_password_reuse`, `require_lowercase_characters` , `require_uppercase_characters`, `require_numbers`, `require_symbols`
-## AWS Permissions
-Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `iam:GetAccountPasswordPolicy` action with Effect set to Allow.
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).