inspec 2.3.10 → 2.3.23

Files changed (271)
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +34 -13
  3. data/etc/plugin_filters.json +25 -0
  4. data/inspec.gemspec +3 -3
  5. data/lib/bundles/inspec-compliance/api.rb +3 -0
  6. data/lib/bundles/inspec-compliance/configuration.rb +3 -0
  7. data/lib/bundles/inspec-compliance/http.rb +3 -0
  8. data/lib/bundles/inspec-compliance/support.rb +3 -0
  9. data/lib/bundles/inspec-compliance/target.rb +3 -0
  10. data/lib/inspec/objects/attribute.rb +3 -0
  11. data/lib/inspec/plugin/v2.rb +3 -0
  12. data/lib/inspec/plugin/v2/filter.rb +62 -0
  13. data/lib/inspec/plugin/v2/installer.rb +21 -1
  14. data/lib/inspec/plugin/v2/loader.rb +4 -0
  15. data/lib/inspec/profile.rb +3 -1
  16. data/lib/inspec/version.rb +1 -1
  17. data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +25 -3
  18. data/lib/plugins/inspec-plugin-manager-cli/test/functional/inspec-plugin_test.rb +65 -11
  19. data/lib/plugins/inspec-plugin-manager-cli/test/unit/cli_args_test.rb +5 -1
  20. data/lib/resources/package.rb +1 -1
  21. metadata +5 -253
  22. data/MAINTAINERS.toml +0 -52
  23. data/docs/.gitignore +0 -2
  24. data/docs/README.md +0 -41
  25. data/docs/dev/control-eval.md +0 -62
  26. data/docs/dev/filtertable-internals.md +0 -353
  27. data/docs/dev/filtertable-usage.md +0 -533
  28. data/docs/dev/integration-testing.md +0 -31
  29. data/docs/dev/plugins.md +0 -323
  30. data/docs/dsl_inspec.md +0 -354
  31. data/docs/dsl_resource.md +0 -100
  32. data/docs/glossary.md +0 -381
  33. data/docs/habitat.md +0 -193
  34. data/docs/inspec_and_friends.md +0 -114
  35. data/docs/matchers.md +0 -161
  36. data/docs/migration.md +0 -293
  37. data/docs/platforms.md +0 -119
  38. data/docs/plugin_kitchen_inspec.md +0 -60
  39. data/docs/plugins.md +0 -57
  40. data/docs/profiles.md +0 -576
  41. data/docs/reporters.md +0 -170
  42. data/docs/resources/aide_conf.md.erb +0 -86
  43. data/docs/resources/apache.md.erb +0 -77
  44. data/docs/resources/apache_conf.md.erb +0 -78
  45. data/docs/resources/apt.md.erb +0 -81
  46. data/docs/resources/audit_policy.md.erb +0 -57
  47. data/docs/resources/auditd.md.erb +0 -89
  48. data/docs/resources/auditd_conf.md.erb +0 -78
  49. data/docs/resources/aws_cloudtrail_trail.md.erb +0 -165
  50. data/docs/resources/aws_cloudtrail_trails.md.erb +0 -96
  51. data/docs/resources/aws_cloudwatch_alarm.md.erb +0 -101
  52. data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +0 -164
  53. data/docs/resources/aws_config_delivery_channel.md.erb +0 -111
  54. data/docs/resources/aws_config_recorder.md.erb +0 -96
  55. data/docs/resources/aws_ebs_volume.md.erb +0 -76
  56. data/docs/resources/aws_ebs_volumes.md.erb +0 -86
  57. data/docs/resources/aws_ec2_instance.md.erb +0 -122
  58. data/docs/resources/aws_ec2_instances.md.erb +0 -89
  59. data/docs/resources/aws_elb.md.erb +0 -154
  60. data/docs/resources/aws_elbs.md.erb +0 -252
  61. data/docs/resources/aws_flow_log.md.erb +0 -128
  62. data/docs/resources/aws_iam_access_key.md.erb +0 -139
  63. data/docs/resources/aws_iam_access_keys.md.erb +0 -214
  64. data/docs/resources/aws_iam_group.md.erb +0 -74
  65. data/docs/resources/aws_iam_groups.md.erb +0 -92
  66. data/docs/resources/aws_iam_password_policy.md.erb +0 -92
  67. data/docs/resources/aws_iam_policies.md.erb +0 -97
  68. data/docs/resources/aws_iam_policy.md.erb +0 -264
  69. data/docs/resources/aws_iam_role.md.erb +0 -79
  70. data/docs/resources/aws_iam_root_user.md.erb +0 -86
  71. data/docs/resources/aws_iam_user.md.erb +0 -130
  72. data/docs/resources/aws_iam_users.md.erb +0 -289
  73. data/docs/resources/aws_kms_key.md.erb +0 -187
  74. data/docs/resources/aws_kms_keys.md.erb +0 -99
  75. data/docs/resources/aws_rds_instance.md.erb +0 -76
  76. data/docs/resources/aws_route_table.md.erb +0 -63
  77. data/docs/resources/aws_route_tables.md.erb +0 -65
  78. data/docs/resources/aws_s3_bucket.md.erb +0 -156
  79. data/docs/resources/aws_s3_bucket_object.md.erb +0 -99
  80. data/docs/resources/aws_s3_buckets.md.erb +0 -69
  81. data/docs/resources/aws_security_group.md.erb +0 -323
  82. data/docs/resources/aws_security_groups.md.erb +0 -107
  83. data/docs/resources/aws_sns_subscription.md.erb +0 -140
  84. data/docs/resources/aws_sns_topic.md.erb +0 -79
  85. data/docs/resources/aws_sns_topics.md.erb +0 -68
  86. data/docs/resources/aws_subnet.md.erb +0 -150
  87. data/docs/resources/aws_subnets.md.erb +0 -142
  88. data/docs/resources/aws_vpc.md.erb +0 -135
  89. data/docs/resources/aws_vpcs.md.erb +0 -135
  90. data/docs/resources/azure_generic_resource.md.erb +0 -183
  91. data/docs/resources/azure_resource_group.md.erb +0 -294
  92. data/docs/resources/azure_virtual_machine.md.erb +0 -357
  93. data/docs/resources/azure_virtual_machine_data_disk.md.erb +0 -234
  94. data/docs/resources/bash.md.erb +0 -85
  95. data/docs/resources/bond.md.erb +0 -100
  96. data/docs/resources/bridge.md.erb +0 -67
  97. data/docs/resources/bsd_service.md.erb +0 -77
  98. data/docs/resources/chocolatey_package.md.erb +0 -68
  99. data/docs/resources/command.md.erb +0 -176
  100. data/docs/resources/cpan.md.erb +0 -89
  101. data/docs/resources/cran.md.erb +0 -74
  102. data/docs/resources/crontab.md.erb +0 -103
  103. data/docs/resources/csv.md.erb +0 -64
  104. data/docs/resources/dh_params.md.erb +0 -221
  105. data/docs/resources/directory.md.erb +0 -40
  106. data/docs/resources/docker.md.erb +0 -240
  107. data/docs/resources/docker_container.md.erb +0 -113
  108. data/docs/resources/docker_image.md.erb +0 -104
  109. data/docs/resources/docker_plugin.md.erb +0 -80
  110. data/docs/resources/docker_service.md.erb +0 -124
  111. data/docs/resources/elasticsearch.md.erb +0 -252
  112. data/docs/resources/etc_fstab.md.erb +0 -135
  113. data/docs/resources/etc_group.md.erb +0 -85
  114. data/docs/resources/etc_hosts.md.erb +0 -88
  115. data/docs/resources/etc_hosts_allow.md.erb +0 -84
  116. data/docs/resources/etc_hosts_deny.md.erb +0 -84
  117. data/docs/resources/file.md.erb +0 -543
  118. data/docs/resources/filesystem.md.erb +0 -51
  119. data/docs/resources/firewalld.md.erb +0 -117
  120. data/docs/resources/gem.md.erb +0 -108
  121. data/docs/resources/group.md.erb +0 -71
  122. data/docs/resources/grub_conf.md.erb +0 -111
  123. data/docs/resources/host.md.erb +0 -96
  124. data/docs/resources/http.md.erb +0 -207
  125. data/docs/resources/iis_app.md.erb +0 -132
  126. data/docs/resources/iis_site.md.erb +0 -145
  127. data/docs/resources/inetd_conf.md.erb +0 -104
  128. data/docs/resources/ini.md.erb +0 -86
  129. data/docs/resources/interface.md.erb +0 -68
  130. data/docs/resources/iptables.md.erb +0 -74
  131. data/docs/resources/json.md.erb +0 -73
  132. data/docs/resources/kernel_module.md.erb +0 -130
  133. data/docs/resources/kernel_parameter.md.erb +0 -63
  134. data/docs/resources/key_rsa.md.erb +0 -95
  135. data/docs/resources/launchd_service.md.erb +0 -67
  136. data/docs/resources/limits_conf.md.erb +0 -85
  137. data/docs/resources/login_defs.md.erb +0 -81
  138. data/docs/resources/mount.md.erb +0 -79
  139. data/docs/resources/mssql_session.md.erb +0 -78
  140. data/docs/resources/mysql_conf.md.erb +0 -109
  141. data/docs/resources/mysql_session.md.erb +0 -84
  142. data/docs/resources/nginx.md.erb +0 -89
  143. data/docs/resources/nginx_conf.md.erb +0 -148
  144. data/docs/resources/npm.md.erb +0 -78
  145. data/docs/resources/ntp_conf.md.erb +0 -70
  146. data/docs/resources/oneget.md.erb +0 -63
  147. data/docs/resources/oracledb_session.md.erb +0 -103
  148. data/docs/resources/os.md.erb +0 -153
  149. data/docs/resources/os_env.md.erb +0 -101
  150. data/docs/resources/package.md.erb +0 -130
  151. data/docs/resources/packages.md.erb +0 -77
  152. data/docs/resources/parse_config.md.erb +0 -113
  153. data/docs/resources/parse_config_file.md.erb +0 -148
  154. data/docs/resources/passwd.md.erb +0 -151
  155. data/docs/resources/pip.md.erb +0 -77
  156. data/docs/resources/port.md.erb +0 -147
  157. data/docs/resources/postgres_conf.md.erb +0 -89
  158. data/docs/resources/postgres_hba_conf.md.erb +0 -103
  159. data/docs/resources/postgres_ident_conf.md.erb +0 -86
  160. data/docs/resources/postgres_session.md.erb +0 -79
  161. data/docs/resources/powershell.md.erb +0 -112
  162. data/docs/resources/processes.md.erb +0 -119
  163. data/docs/resources/rabbitmq_config.md.erb +0 -51
  164. data/docs/resources/registry_key.md.erb +0 -197
  165. data/docs/resources/runit_service.md.erb +0 -67
  166. data/docs/resources/security_policy.md.erb +0 -57
  167. data/docs/resources/service.md.erb +0 -131
  168. data/docs/resources/shadow.md.erb +0 -267
  169. data/docs/resources/ssh_config.md.erb +0 -83
  170. data/docs/resources/sshd_config.md.erb +0 -93
  171. data/docs/resources/ssl.md.erb +0 -129
  172. data/docs/resources/sys_info.md.erb +0 -52
  173. data/docs/resources/systemd_service.md.erb +0 -67
  174. data/docs/resources/sysv_service.md.erb +0 -67
  175. data/docs/resources/upstart_service.md.erb +0 -67
  176. data/docs/resources/user.md.erb +0 -150
  177. data/docs/resources/users.md.erb +0 -137
  178. data/docs/resources/vbscript.md.erb +0 -65
  179. data/docs/resources/virtualization.md.erb +0 -67
  180. data/docs/resources/windows_feature.md.erb +0 -69
  181. data/docs/resources/windows_hotfix.md.erb +0 -63
  182. data/docs/resources/windows_task.md.erb +0 -95
  183. data/docs/resources/wmi.md.erb +0 -91
  184. data/docs/resources/x509_certificate.md.erb +0 -161
  185. data/docs/resources/xinetd_conf.md.erb +0 -166
  186. data/docs/resources/xml.md.erb +0 -95
  187. data/docs/resources/yaml.md.erb +0 -79
  188. data/docs/resources/yum.md.erb +0 -108
  189. data/docs/resources/zfs_dataset.md.erb +0 -63
  190. data/docs/resources/zfs_pool.md.erb +0 -57
  191. data/docs/shared/matcher_be.md.erb +0 -1
  192. data/docs/shared/matcher_cmp.md.erb +0 -43
  193. data/docs/shared/matcher_eq.md.erb +0 -3
  194. data/docs/shared/matcher_include.md.erb +0 -1
  195. data/docs/shared/matcher_match.md.erb +0 -1
  196. data/docs/shell.md +0 -217
  197. data/docs/style.md +0 -178
  198. data/examples/README.md +0 -8
  199. data/examples/custom-resource/README.md +0 -3
  200. data/examples/custom-resource/controls/example.rb +0 -7
  201. data/examples/custom-resource/inspec.yml +0 -8
  202. data/examples/custom-resource/libraries/batsignal.rb +0 -20
  203. data/examples/custom-resource/libraries/gordon.rb +0 -21
  204. data/examples/inheritance/README.md +0 -65
  205. data/examples/inheritance/controls/example.rb +0 -14
  206. data/examples/inheritance/inspec.yml +0 -16
  207. data/examples/kitchen-ansible/.kitchen.yml +0 -25
  208. data/examples/kitchen-ansible/Gemfile +0 -19
  209. data/examples/kitchen-ansible/README.md +0 -53
  210. data/examples/kitchen-ansible/files/nginx.repo +0 -6
  211. data/examples/kitchen-ansible/tasks/main.yml +0 -16
  212. data/examples/kitchen-ansible/test/integration/default/default.yml +0 -5
  213. data/examples/kitchen-ansible/test/integration/default/web_spec.rb +0 -28
  214. data/examples/kitchen-chef/.kitchen.yml +0 -20
  215. data/examples/kitchen-chef/Berksfile +0 -3
  216. data/examples/kitchen-chef/Gemfile +0 -19
  217. data/examples/kitchen-chef/README.md +0 -27
  218. data/examples/kitchen-chef/metadata.rb +0 -7
  219. data/examples/kitchen-chef/recipes/default.rb +0 -6
  220. data/examples/kitchen-chef/recipes/nginx.rb +0 -30
  221. data/examples/kitchen-chef/test/integration/default/web_spec.rb +0 -28
  222. data/examples/kitchen-puppet/.kitchen.yml +0 -23
  223. data/examples/kitchen-puppet/Gemfile +0 -20
  224. data/examples/kitchen-puppet/Puppetfile +0 -25
  225. data/examples/kitchen-puppet/README.md +0 -53
  226. data/examples/kitchen-puppet/manifests/site.pp +0 -33
  227. data/examples/kitchen-puppet/metadata.json +0 -11
  228. data/examples/kitchen-puppet/modules/.gitkeep +0 -0
  229. data/examples/kitchen-puppet/test/integration/default/web_spec.rb +0 -28
  230. data/examples/meta-profile/README.md +0 -37
  231. data/examples/meta-profile/controls/example.rb +0 -13
  232. data/examples/meta-profile/inspec.yml +0 -13
  233. data/examples/plugins/inspec-resource-lister/Gemfile +0 -12
  234. data/examples/plugins/inspec-resource-lister/LICENSE +0 -13
  235. data/examples/plugins/inspec-resource-lister/README.md +0 -62
  236. data/examples/plugins/inspec-resource-lister/Rakefile +0 -40
  237. data/examples/plugins/inspec-resource-lister/inspec-resource-lister.gemspec +0 -45
  238. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister.rb +0 -16
  239. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/cli_command.rb +0 -70
  240. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/plugin.rb +0 -55
  241. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/version.rb +0 -10
  242. data/examples/plugins/inspec-resource-lister/test/fixtures/README.md +0 -24
  243. data/examples/plugins/inspec-resource-lister/test/functional/README.md +0 -18
  244. data/examples/plugins/inspec-resource-lister/test/functional/inspec_resource_lister_test.rb +0 -110
  245. data/examples/plugins/inspec-resource-lister/test/helper.rb +0 -26
  246. data/examples/plugins/inspec-resource-lister/test/unit/README.md +0 -17
  247. data/examples/plugins/inspec-resource-lister/test/unit/cli_args_test.rb +0 -64
  248. data/examples/plugins/inspec-resource-lister/test/unit/plugin_def_test.rb +0 -51
  249. data/examples/profile-attribute.yml +0 -2
  250. data/examples/profile-attribute/README.md +0 -14
  251. data/examples/profile-attribute/controls/example.rb +0 -11
  252. data/examples/profile-attribute/inspec.yml +0 -8
  253. data/examples/profile-aws/controls/iam_password_policy_expiration.rb +0 -8
  254. data/examples/profile-aws/controls/iam_password_policy_max_age.rb +0 -8
  255. data/examples/profile-aws/controls/iam_root_user_mfa.rb +0 -8
  256. data/examples/profile-aws/controls/iam_users_access_key_age.rb +0 -8
  257. data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +0 -8
  258. data/examples/profile-aws/inspec.yml +0 -11
  259. data/examples/profile-azure/controls/azure_resource_group_example.rb +0 -24
  260. data/examples/profile-azure/controls/azure_vm_example.rb +0 -29
  261. data/examples/profile-azure/inspec.yml +0 -11
  262. data/examples/profile-sensitive/README.md +0 -29
  263. data/examples/profile-sensitive/controls/sensitive-failures.rb +0 -9
  264. data/examples/profile-sensitive/controls/sensitive.rb +0 -9
  265. data/examples/profile-sensitive/inspec.yml +0 -8
  266. data/examples/profile/README.md +0 -48
  267. data/examples/profile/controls/example.rb +0 -24
  268. data/examples/profile/controls/gordon.rb +0 -36
  269. data/examples/profile/controls/meta.rb +0 -36
  270. data/examples/profile/inspec.yml +0 -11
  271. data/examples/profile/libraries/gordon_config.rb +0 -59
@@ -1,107 +0,0 @@
1
- ---
2
- title: About the aws_security_groups Resource
3
- platform: aws
4
- ---
5
-
6
- # aws\_security\_groups
7
-
8
- Use the `aws_security_groups` InSpec audit resource to test properties of some or all security groups.
9
-
10
- Security groups are a networking construct that contain ingress and egress rules for network communications. Security groups may be attached to EC2 instances, as well as certain other AWS resources. Along with Network Access Control Lists, Security Groups are one of the two main mechanisms of enforcing network-level security.
11
-
12
- <br>
13
-
14
- ## Availability
15
-
16
- ### Installation
17
-
18
- This resource is distributed along with InSpec itself. You can use it automatically.
19
-
20
- ### Version
21
-
22
- This resource first became available in v2.0.16 of InSpec.
23
-
24
- ## Syntax
25
-
26
- An `aws_security_groups` resource block uses an optional filter to select a group of security groups and then tests that group.
27
-
28
- # Verify you have more than the default security group
29
- describe aws_security_groups do
30
- its('entries.count') { should be > 1 }
31
- end
32
-
33
- <br>
34
-
35
- ## Examples
36
-
37
- The following examples show how to use this InSpec audit resource.
38
-
39
- As this is the initial release of `aws_security_groups`, its limited functionality precludes examples.
40
-
41
- <br>
42
-
43
- ## Filter Criteria
44
-
45
- ### vpc\_id
46
-
47
- A string identifying the VPC which contains the security group.
48
-
49
- # Look for a particular security group in just one VPC
50
- describe aws_security_groups.where( vpc_id: 'vpc-12345678') do
51
- its('group_ids') { should include('sg-abcdef12')}
52
- end
53
-
54
- ### group\_name
55
-
56
- A string identifying a group. Since groups are contained in VPCs, group names are unique within the AWS account, but not across VPCs.
57
-
58
- # Examine the default security group in all VPCs
59
- describe aws_security_groups.where( group_name: 'default') do
60
- it { should exist }
61
- end
62
-
63
- <br>
64
-
65
- ## Properties
66
-
67
- * `entries`, `group_ids`
68
-
69
- <br>
70
-
71
- ## Property Examples
72
-
73
- ### entries
74
-
75
- Provides access to the raw results of the query. This can be useful for checking counts and other advanced operations.
76
-
77
- # Allow at most 100 security groups on the account
78
- describe aws_security_groups do
79
- its('entries.count') { should be <= 100}
80
- end
81
-
82
- ### group\_ids
83
-
84
- Provides a list of all security group IDs matched.
85
-
86
- describe aws_security_groups do
87
- its('group_ids') { should include('sg-12345678') }
88
- end
89
-
90
- ## Matchers
91
-
92
- This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
93
-
94
- ### exists
95
-
96
- The control will pass if the filter returns at least one result. Use `should_not` if you expect zero matches.
97
-
98
- # You will always have at least one SG, the VPC default SG
99
- describe aws_security_groups
100
- it { should exist }
101
- end
102
-
103
- ## AWS Permissions
104
-
105
- Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ec2:DescribeSecurityGroups` action with Effect set to Allow.
106
-
107
- You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html).
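Review bot: In the `exists` matcher example near the end of this removed page, `describe aws_security_groups` has no `do`, so the block would not parse if copied as written; in whatever copy of the page stays published it should read `describe aws_security_groups do`. The `group_name` text also contradicts itself ("unique within the AWS account, but not across VPCs") and is worth rewording at the same time. The file list shows the whole file leaving the packaged gem (+0 -107), so the changelog entry should say where readers now find the `ec2:DescribeSecurityGroups` requirement that this page stated.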
@@ -1,140 +0,0 @@
1
- ---
2
- title: About the aws_sns_subscription Resource
3
- ---
4
-
5
- # aws\_sns\_subscription
6
-
7
- Use the `aws_sns_subscription` InSpec audit resource to test detailed properties of a AWS SNS Subscription.
8
-
9
- <br>
10
-
11
- ## Availability
12
-
13
- ### Installation
14
-
15
- This resource is distributed along with InSpec itself. You can use it automatically.
16
-
17
- ### Version
18
-
19
- This resource first became available in v2.1.10 of InSpec.
20
-
21
- ## Syntax
22
-
23
- An `aws_sns_subscription` resource block uses resource parameters to search for a SNS Subscription, and then tests that subscriptions properties. If no Subscriptions match, no error is raised, but the `exists` matcher will return `false` and all properties will be `nil`.
24
-
25
- describe aws_sns_subscription('arn:aws:sns:us-east-1::test-topic-01:b214aff5-a2c7-438f-a753-8494493f2ff6') do
26
- it { should exist }
27
- end
28
-
29
- <br>
30
-
31
- ## Examples
32
-
33
- The following examples show how to use this InSpec audit resource.
34
-
35
- As this is the initial release of `aws_sns_subscription`, its limited functionality precludes examples.
36
-
37
- <br>
38
-
39
- ## Resource Parameters
40
-
41
- This InSpec resource accepts the following parameters, which are used to search for the Security Group.
42
-
43
- ### subscription\_arn
44
-
45
- The ARN (Amazon Resource Name) of the AWS SNS Subscription.
46
-
47
- # Using Hash syntax
48
- describe aws_sns_subscription(subscription_arn: 'arn:aws:sns:us-east-1::test-topic-01:b214aff5-a2c7-438f-a753-8494493f2ff6') do
49
- it { should exist }
50
- end
51
-
52
- # Or omit hash syntax, rely on it being the default parameter
53
- describe aws_sns_subscription('arn:aws:sns:us-east-1::test-topic-01:b214aff5-a2c7-438f-a753-8494493f2ff6') do
54
- it { should exist }
55
- end
56
-
57
- <br>
58
-
59
- ## Matchers
60
-
61
- ### exists
62
-
63
- The control will pass if the specified Aws Subscription was found. Use should_not if you want to verify that the specified Subscription does not exist.
64
-
65
- # Test that a specific subscription exists.
66
- describe aws_sns_subscription(subscription_arn: 'arn:aws:sns:us-east-1::test-topic-01:b214aff5-a2c7-438f-a753-8494493f2ff6')
67
- it { should exist }
68
- end
69
-
70
- # Test that a Subscription does not exist.
71
- describe aws_sns_subscription(subscription_arn: 'arn:aws:sns:us-east-1::NOGOOD:b214aff5-a2c7-438f-a753-8494493f2ff6')
72
- it { should_not exist }
73
- end
74
-
75
- ### be\_confirmation\_authenticated
76
-
77
- Provides whether or not the subscription confirmation request was authenticated.
78
-
79
- describe aws_sns_subscription(subscription_arn: 'arn:aws:sns:us-east-1::NOGOOD:b214aff5-a2c7-438f-a753-8494493f2ff6')
80
- it { should be_confirmation_authenticated }
81
- end
82
-
83
- ### have\_raw\_message\_delivery
84
-
85
- Provides whether or not the original message is passed as is, not formatted as a json or yaml.
86
-
87
- describe aws_sns_subscription(subscription_arn: 'arn:aws:sns:us-east-1::NOGOOD:b214aff5-a2c7-438f-a753-8494493f2ff6')
88
- it { should have_raw_message_delivery }
89
- end
90
-
91
- ## Properties
92
-
93
- ### endpoint
94
-
95
- Provides the destination that the SNS Topic will send notifications to.
96
-
97
- # Inspect the endpoint
98
- describe aws_sns_subscription(subscription_arn: 'arn:aws:sns:us-east-1::test-topic-01:b214aff5-a2c7-438f-a753-8494493f2ff6' ) do
99
- # If protocol is 'sms', this should be a phone number:
100
- its('endpoint') { should cmp '+16105551234' }
101
- # If protocol is 'email' or 'email-json', endpoint should be an email address
102
- its('endpoint') { should cmp 'myemail@example.com' }
103
- # If protocal is 'http', endpoint should be a URL beginning with 'https://'
104
- its('endpoint') { should cmp 'https://www.exampleurl.com' }
105
- # If the protocol is 'lambda', its endpoint should be the ARN of a AWS Lambda function
106
- its('endpoint') { should cmp 'rn:aws:lambda:us-east-1:account-id:function:myfunction' }
107
- end
108
-
109
- ### owner
110
-
111
- Provides the AWS Owners ID.
112
-
113
- # Inspect the owners ID
114
- describe aws_sns_subscription(subscription_arn: 'arn:aws:sns:us-east-1::test-topic-01:b214aff5-a2c7-438f-a753-8494493f2ff6' ) do
115
- its('owner') { should cmp '12345678' }
116
- end
117
-
118
- ### protocol
119
-
120
- Provides the Subscriptions protocol used. For example http, https, email, email-json, sqs, etc. For more information about protocols please visit https://docs.aws.amazon.com/sns/latest/api/API_Subscribe.html
121
-
122
- # Inspect the endpoint
123
- describe aws_sns_subscription(subscription_arn: 'arn:aws:sns:us-east-1::test-topic-01:b214aff5-a2c7-438f-a753-8494493f2ff6' ) do
124
- its('protocol') { should cmp 'sqs' }
125
- end
126
-
127
- ### topic\_arn
128
-
129
- Provides the SNS Topic arn that the Subscription is associated with.
130
-
131
- # Inspect the topic arn
132
- describe aws_sns_subscription(subscription_arn: 'arn:aws:sns:us-east-1::test-topic-01:b214aff5-a2c7-438f-a753-8494493f2ff6' ) do
133
- its('topic_arn') { should cmp 'arn:aws:sns:us-east-1::test-topic-01' }
134
- end
135
-
136
- ## AWS Permissions
137
-
138
- Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `sns:GetSubscriptionAttributes` action with Effect set to Allow.
139
-
140
- You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon SNS](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonsns.html).
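Review bot: Four examples in this removed page open with `describe aws_sns_subscription(...)` and no `do` (both `exists` examples, `be_confirmation_authenticated` and `have_raw_message_delivery`), so they would fail to parse if copied. Three smaller slips to correct in any copy of the page that stays published: the Resource Parameters sentence says the parameters search for "the Security Group", the Lambda endpoint sample starts with `rn:aws:lambda:` rather than `arn:aws:lambda:`, and the comment for the 'http' protocol tells readers to expect a URL beginning with 'https://'. The `endpoint` example also places four `its('endpoint')` expectations with different values in one `describe` block, which cannot all pass for a single subscription; splitting them per protocol would make the intent clear.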
@@ -1,79 +0,0 @@
1
- ---
2
- title: About the aws_sns_topic Resource
3
- ---
4
-
5
- # aws\_sns\_topic
6
-
7
- Use the `aws_sns_topic` InSpec audit resource to test properties of a single AWS Simple Notification Service Topic. SNS topics are channels for related events. AWS resources place events in the SNS topic, while other AWS resources _subscribe_ to receive notifications when new events have appeared.
8
-
9
- <br>
10
-
11
- ## Availability
12
-
13
- ### Installation
14
-
15
- This resource is distributed along with InSpec itself. You can use it automatically.
16
-
17
- ### Version
18
-
19
- This resource first became available in v2.0.16 of InSpec.
20
-
21
- ## Syntax
22
-
23
- # Ensure that a topic exists and has at least one subscription
24
- describe aws_sns_topic('arn:aws:sns:*::my-topic-name') do
25
- it { should exist }
26
- its('confirmed_subscription_count') { should_not be_zero }
27
- end
28
-
29
- # You may also use has syntax to pass the ARN
30
- describe aws_sns_topic(arn: 'arn:aws:sns:*::my-topic-name') do
31
- it { should exist }
32
- end
33
-
34
- ## Resource Parameters
35
-
36
- ### ARN
37
-
38
- This resource expects a single parameter that uniquely identifies the SNS Topic, an ARN. Amazon Resource Names for SNS topics have the format `arn:aws:sns:region:account-id:topicname`. AWS requires a fully-specified ARN for looking up an SNS topic. The account ID and region are required. Wildcards are not permitted.
39
-
40
- See also the [AWS documentation on ARNs](http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
41
-
42
- <br>
43
-
44
- ## Properties
45
-
46
- ### confirmed\_subscription\_count
47
-
48
- An integer indicating the number of currently active subscriptions.
49
-
50
- # Make sure someone is listening
51
- describe aws_sns_topic('arn:aws:sns:*::my-topic-name') do
52
- its('confirmed_subscription_count') { should_not be_zero}
53
- end
54
-
55
- <br>
56
-
57
- ## Matchers
58
-
59
- This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
60
-
61
- ### exist
62
-
63
- Indicates that the ARN provided was found. Use `should_not` to test for SNS topics that should not exist.
64
-
65
- # Expect good news
66
- describe aws_sns_topic('arn:aws:sns:*::good-news') do
67
- it { should exist }
68
- end
69
-
70
- # No bad news allowed
71
- describe aws_sns_topic('arn:aws:sns:*::bad-news') do
72
- it { should_not exist }
73
- end
74
-
75
- ## AWS Permissions
76
-
77
- Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `sns:GetTopicAttributes` action with Effect set to Allow.
78
-
79
- You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon SNS](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonsns.html).
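Review bot: Every example in this removed page passes an ARN of the form `arn:aws:sns:*::my-topic-name`, with a wildcard region and an empty account ID, while the ARN section states that the account ID and region are required and that wildcards are not permitted. The examples should use a fully specified ARN in the documented format `arn:aws:sns:region:account-id:topicname`; by the page's own rule a control copied from the current text cannot identify a topic, and the `should_not exist` example could then pass for the wrong reason. The comment "You may also use has syntax" should read "hash syntax".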
@@ -1,68 +0,0 @@
1
- ---
2
- title: About the aws_sns_topics Resource
3
- ---
4
-
5
- # aws\_sns\_topics
6
- Use the `aws_sns_topics` InSpec audit resource to test all or a group of the SNS Topic ARNs in an account.
7
-
8
- User the 'aws_sns_topic' InSpec audit resource to test a single SNS Topic in an account.
9
-
10
- <br>
11
-
12
- ## Availability
13
-
14
- ### Installation
15
-
16
- This resource is distributed along with InSpec itself. You can use it automatically.
17
-
18
- ### Version
19
-
20
- This resource first became available in v2.1.10 of InSpec.
21
-
22
- ## Syntax
23
-
24
- An `aws_sns_topics` resource block takes no filter conditions.
25
-
26
- # Get all SNS Topic arns
27
- describe aws_sns_topics do
28
- its('topic_arns') { should include 'arn:aws:sns:us-east-1:333344445555:MyTopic' }
29
- end
30
-
31
- <br>
32
-
33
- ## Examples
34
-
35
- The following examples show how to use this InSpec audit resource.
36
-
37
- As this is the initial release of `aws_sns_topics`, its limited functionality precludes examples.
38
-
39
- <br>
40
-
41
- ## Matchers
42
-
43
- ### exists
44
-
45
- The control will pass if the filter returns at least one result. Use should_not if you expect zero matches.
46
-
47
- # Test if there is any SNS Topics
48
- describe aws_sns_topics
49
- it { should exist }
50
- end
51
-
52
-
53
- ## Properties
54
-
55
- ### topic\_arns
56
-
57
- Provides an array of all SNS Topic arns.
58
-
59
- # Test that a specific SNS Topic exists
60
- describe aws_sns_topics do
61
- its('topic_arns') { should include 'arn:aws:sns:us-east-1:333344445555:MyTopic' }
62
- end
63
-
64
- ## AWS Permissions
65
-
66
- Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `sns:ListTopics` action with Effect set to Allow.
67
-
68
- You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon SNS](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonsns.html).
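Review bot: The `exists` example here, `describe aws_sns_topics` followed by `it { should exist }`, is missing `do` and would not parse if copied. The heading names the matcher `exists` while the example uses `exist`, and the second intro sentence begins "User the" instead of "Use the"; fix these in whatever copy of the page remains published once it is dropped from the gem (+0 -68 in the file list).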
@@ -1,150 +0,0 @@
1
- ---
2
- title: About the aws_subnet Resource
3
- platform: aws
4
- ---
5
-
6
- # aws\_subnet
7
-
8
- Use the `aws_subnet` InSpec audit resource to test properties of a vpc subnet.
9
-
10
- To test properties of a single VPC subnet, use the `aws_subnet` resource.
11
-
12
- To test properties of all or a group of VPC subnets, use the `aws_subnets` resource.
13
-
14
- <br>
15
-
16
- ## Availability
17
-
18
- ### Installation
19
-
20
- This resource is distributed along with InSpec itself. You can use it automatically.
21
-
22
- ### Version
23
-
24
- This resource first became available in v2.0.16 of InSpec.
25
-
26
- ## Syntax
27
-
28
- An `aws_subnet` resource block uses the parameter to select a VPC and a subnet in the VPC.
29
-
30
- describe aws_subnet(subnet_id: 'subnet-1234567') do
31
- it { should exist }
32
- its('cidr_block') { should eq '10.0.1.0/24' }
33
- end
34
-
35
- <br>
36
-
37
- ## Resource Parameters
38
-
39
- This InSpec resource accepts the following parameters, which are used to search for the VPCs subnet.
40
-
41
- ### subnet\_id
42
-
43
- A string identifying the subnet that the VPC contains.
44
-
45
- # This will error if there is more than the default SG
46
- describe aws_subnet(subnet_id: 'subnet-12345678') do
47
- it { should exist }
48
- end
49
-
50
- <br>
51
-
52
- ## Properties
53
-
54
- * `availability_zone`, `available_ip_address_count`, `cidr_block`, `subnet_id`, `vpc_id`
55
-
56
- <br>
57
-
58
- ## Property Examples
59
-
60
- ### availability\_zone
61
-
62
- Provides the Availability Zone of the subnet.
63
-
64
- describe aws_subnet(subnet_id: 'subnet-12345678') do
65
- its('availability_zone') { should eq 'us-east-1c' }
66
- end
67
-
68
- ### available\_ip\_address\_count
69
-
70
- Provides the number of available IPv4 addresses on the subnet.
71
-
72
- describe aws_subnet(subnet_id: 'subnet-12345678') do
73
- its('available_ip_address_count') { should eq 251 }
74
- end
75
-
76
- ### cidr\_block
77
-
78
- Provides the block of ip addresses specified to the subnet.
79
-
80
- describe aws_subnet(subnet_id: 'subnet-12345678') do
81
- its('cidr_block') { should eq '10.0.1.0/24' }
82
- end
83
-
84
- ### subnet\_id
85
-
86
- Provides the ID of the Subnet.
87
-
88
- describe aws_subnet(subnet_id: 'subnet-12345678') do
89
- its('subnet_id') { should eq 'subnet-12345678' }
90
- end
91
-
92
- ### vpc\_id
93
-
94
- Provides the ID of the VPC the subnet is in.
95
-
96
- describe aws_subnet(subnet_id: 'subnet-12345678') do
97
- its('vpc_id') { should eq 'vpc-12345678' }
98
- end
99
-
100
- <br>
101
-
102
- ## Matchers
103
-
104
- This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
105
-
106
- ### assigning\_ipv\_6\_address\_on\_creation
107
-
108
- Detects if the network interface on the subnet accepts IPv6 addresses.
109
-
110
- describe aws_subnet(subnet_id: 'subnet-12345678') do
111
- it { should be_assigning_ipv_6_address_on_creation }
112
- end
113
-
114
- ### available
115
-
116
- Provides the current state of the subnet.
117
-
118
- describe aws_subnet(subnet_id: 'subnet-12345678') do
119
- it { should be_available }
120
- end
121
-
122
- ### default\_for\_az
123
-
124
- Detects if the subnet is the default subnet for the Availability Zone.
125
-
126
- describe aws_subnet(subnet_id: 'subnet-12345678') do
127
- it { should be_default_for_az }
128
- end
129
-
130
- ### exist
131
-
132
- The `exist` matcher indicates that a subnet exists for the specified vpc.
133
-
134
- describe aws_subnet(subnet_id: 'subnet-12345678') do
135
- it { should exist }
136
- end
137
-
138
- ### mapping\_public\_ip\_on\_launch
139
-
140
- Provides the VPC ID for the subnet.
141
-
142
- describe aws_subnet(subnet_id: 'subnet-12345678') do
143
- it { should be_mapping_public_ip_on_launch }
144
- end
145
-
146
- ## AWS Permissions
147
-
148
- Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ec2:DescribeSubnets` action with Effect set to Allow.
149
-
150
- You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html).
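Review bot: The `mapping_public_ip_on_launch` description reads "Provides the VPC ID for the subnet", which is the `vpc_id` text pasted again; it should say that the matcher reports whether instances launched in the subnet are assigned a public IP address, since that is the setting an auditor uses this matcher to check. The comment above the `subnet_id` parameter example, "This will error if there is more than the default SG", refers to security groups and does not describe a subnet lookup. The `available` entry says only that it provides "the current state", which does not tell the reader what a passing `be_available` means.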