inspec 2.3.10 → 2.3.23

Sign up to get free protection for your applications and to get access to all the features.
Files changed (271) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +34 -13
  3. data/etc/plugin_filters.json +25 -0
  4. data/inspec.gemspec +3 -3
  5. data/lib/bundles/inspec-compliance/api.rb +3 -0
  6. data/lib/bundles/inspec-compliance/configuration.rb +3 -0
  7. data/lib/bundles/inspec-compliance/http.rb +3 -0
  8. data/lib/bundles/inspec-compliance/support.rb +3 -0
  9. data/lib/bundles/inspec-compliance/target.rb +3 -0
  10. data/lib/inspec/objects/attribute.rb +3 -0
  11. data/lib/inspec/plugin/v2.rb +3 -0
  12. data/lib/inspec/plugin/v2/filter.rb +62 -0
  13. data/lib/inspec/plugin/v2/installer.rb +21 -1
  14. data/lib/inspec/plugin/v2/loader.rb +4 -0
  15. data/lib/inspec/profile.rb +3 -1
  16. data/lib/inspec/version.rb +1 -1
  17. data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +25 -3
  18. data/lib/plugins/inspec-plugin-manager-cli/test/functional/inspec-plugin_test.rb +65 -11
  19. data/lib/plugins/inspec-plugin-manager-cli/test/unit/cli_args_test.rb +5 -1
  20. data/lib/resources/package.rb +1 -1
  21. metadata +5 -253
  22. data/MAINTAINERS.toml +0 -52
  23. data/docs/.gitignore +0 -2
  24. data/docs/README.md +0 -41
  25. data/docs/dev/control-eval.md +0 -62
  26. data/docs/dev/filtertable-internals.md +0 -353
  27. data/docs/dev/filtertable-usage.md +0 -533
  28. data/docs/dev/integration-testing.md +0 -31
  29. data/docs/dev/plugins.md +0 -323
  30. data/docs/dsl_inspec.md +0 -354
  31. data/docs/dsl_resource.md +0 -100
  32. data/docs/glossary.md +0 -381
  33. data/docs/habitat.md +0 -193
  34. data/docs/inspec_and_friends.md +0 -114
  35. data/docs/matchers.md +0 -161
  36. data/docs/migration.md +0 -293
  37. data/docs/platforms.md +0 -119
  38. data/docs/plugin_kitchen_inspec.md +0 -60
  39. data/docs/plugins.md +0 -57
  40. data/docs/profiles.md +0 -576
  41. data/docs/reporters.md +0 -170
  42. data/docs/resources/aide_conf.md.erb +0 -86
  43. data/docs/resources/apache.md.erb +0 -77
  44. data/docs/resources/apache_conf.md.erb +0 -78
  45. data/docs/resources/apt.md.erb +0 -81
  46. data/docs/resources/audit_policy.md.erb +0 -57
  47. data/docs/resources/auditd.md.erb +0 -89
  48. data/docs/resources/auditd_conf.md.erb +0 -78
  49. data/docs/resources/aws_cloudtrail_trail.md.erb +0 -165
  50. data/docs/resources/aws_cloudtrail_trails.md.erb +0 -96
  51. data/docs/resources/aws_cloudwatch_alarm.md.erb +0 -101
  52. data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +0 -164
  53. data/docs/resources/aws_config_delivery_channel.md.erb +0 -111
  54. data/docs/resources/aws_config_recorder.md.erb +0 -96
  55. data/docs/resources/aws_ebs_volume.md.erb +0 -76
  56. data/docs/resources/aws_ebs_volumes.md.erb +0 -86
  57. data/docs/resources/aws_ec2_instance.md.erb +0 -122
  58. data/docs/resources/aws_ec2_instances.md.erb +0 -89
  59. data/docs/resources/aws_elb.md.erb +0 -154
  60. data/docs/resources/aws_elbs.md.erb +0 -252
  61. data/docs/resources/aws_flow_log.md.erb +0 -128
  62. data/docs/resources/aws_iam_access_key.md.erb +0 -139
  63. data/docs/resources/aws_iam_access_keys.md.erb +0 -214
  64. data/docs/resources/aws_iam_group.md.erb +0 -74
  65. data/docs/resources/aws_iam_groups.md.erb +0 -92
  66. data/docs/resources/aws_iam_password_policy.md.erb +0 -92
  67. data/docs/resources/aws_iam_policies.md.erb +0 -97
  68. data/docs/resources/aws_iam_policy.md.erb +0 -264
  69. data/docs/resources/aws_iam_role.md.erb +0 -79
  70. data/docs/resources/aws_iam_root_user.md.erb +0 -86
  71. data/docs/resources/aws_iam_user.md.erb +0 -130
  72. data/docs/resources/aws_iam_users.md.erb +0 -289
  73. data/docs/resources/aws_kms_key.md.erb +0 -187
  74. data/docs/resources/aws_kms_keys.md.erb +0 -99
  75. data/docs/resources/aws_rds_instance.md.erb +0 -76
  76. data/docs/resources/aws_route_table.md.erb +0 -63
  77. data/docs/resources/aws_route_tables.md.erb +0 -65
  78. data/docs/resources/aws_s3_bucket.md.erb +0 -156
  79. data/docs/resources/aws_s3_bucket_object.md.erb +0 -99
  80. data/docs/resources/aws_s3_buckets.md.erb +0 -69
  81. data/docs/resources/aws_security_group.md.erb +0 -323
  82. data/docs/resources/aws_security_groups.md.erb +0 -107
  83. data/docs/resources/aws_sns_subscription.md.erb +0 -140
  84. data/docs/resources/aws_sns_topic.md.erb +0 -79
  85. data/docs/resources/aws_sns_topics.md.erb +0 -68
  86. data/docs/resources/aws_subnet.md.erb +0 -150
  87. data/docs/resources/aws_subnets.md.erb +0 -142
  88. data/docs/resources/aws_vpc.md.erb +0 -135
  89. data/docs/resources/aws_vpcs.md.erb +0 -135
  90. data/docs/resources/azure_generic_resource.md.erb +0 -183
  91. data/docs/resources/azure_resource_group.md.erb +0 -294
  92. data/docs/resources/azure_virtual_machine.md.erb +0 -357
  93. data/docs/resources/azure_virtual_machine_data_disk.md.erb +0 -234
  94. data/docs/resources/bash.md.erb +0 -85
  95. data/docs/resources/bond.md.erb +0 -100
  96. data/docs/resources/bridge.md.erb +0 -67
  97. data/docs/resources/bsd_service.md.erb +0 -77
  98. data/docs/resources/chocolatey_package.md.erb +0 -68
  99. data/docs/resources/command.md.erb +0 -176
  100. data/docs/resources/cpan.md.erb +0 -89
  101. data/docs/resources/cran.md.erb +0 -74
  102. data/docs/resources/crontab.md.erb +0 -103
  103. data/docs/resources/csv.md.erb +0 -64
  104. data/docs/resources/dh_params.md.erb +0 -221
  105. data/docs/resources/directory.md.erb +0 -40
  106. data/docs/resources/docker.md.erb +0 -240
  107. data/docs/resources/docker_container.md.erb +0 -113
  108. data/docs/resources/docker_image.md.erb +0 -104
  109. data/docs/resources/docker_plugin.md.erb +0 -80
  110. data/docs/resources/docker_service.md.erb +0 -124
  111. data/docs/resources/elasticsearch.md.erb +0 -252
  112. data/docs/resources/etc_fstab.md.erb +0 -135
  113. data/docs/resources/etc_group.md.erb +0 -85
  114. data/docs/resources/etc_hosts.md.erb +0 -88
  115. data/docs/resources/etc_hosts_allow.md.erb +0 -84
  116. data/docs/resources/etc_hosts_deny.md.erb +0 -84
  117. data/docs/resources/file.md.erb +0 -543
  118. data/docs/resources/filesystem.md.erb +0 -51
  119. data/docs/resources/firewalld.md.erb +0 -117
  120. data/docs/resources/gem.md.erb +0 -108
  121. data/docs/resources/group.md.erb +0 -71
  122. data/docs/resources/grub_conf.md.erb +0 -111
  123. data/docs/resources/host.md.erb +0 -96
  124. data/docs/resources/http.md.erb +0 -207
  125. data/docs/resources/iis_app.md.erb +0 -132
  126. data/docs/resources/iis_site.md.erb +0 -145
  127. data/docs/resources/inetd_conf.md.erb +0 -104
  128. data/docs/resources/ini.md.erb +0 -86
  129. data/docs/resources/interface.md.erb +0 -68
  130. data/docs/resources/iptables.md.erb +0 -74
  131. data/docs/resources/json.md.erb +0 -73
  132. data/docs/resources/kernel_module.md.erb +0 -130
  133. data/docs/resources/kernel_parameter.md.erb +0 -63
  134. data/docs/resources/key_rsa.md.erb +0 -95
  135. data/docs/resources/launchd_service.md.erb +0 -67
  136. data/docs/resources/limits_conf.md.erb +0 -85
  137. data/docs/resources/login_defs.md.erb +0 -81
  138. data/docs/resources/mount.md.erb +0 -79
  139. data/docs/resources/mssql_session.md.erb +0 -78
  140. data/docs/resources/mysql_conf.md.erb +0 -109
  141. data/docs/resources/mysql_session.md.erb +0 -84
  142. data/docs/resources/nginx.md.erb +0 -89
  143. data/docs/resources/nginx_conf.md.erb +0 -148
  144. data/docs/resources/npm.md.erb +0 -78
  145. data/docs/resources/ntp_conf.md.erb +0 -70
  146. data/docs/resources/oneget.md.erb +0 -63
  147. data/docs/resources/oracledb_session.md.erb +0 -103
  148. data/docs/resources/os.md.erb +0 -153
  149. data/docs/resources/os_env.md.erb +0 -101
  150. data/docs/resources/package.md.erb +0 -130
  151. data/docs/resources/packages.md.erb +0 -77
  152. data/docs/resources/parse_config.md.erb +0 -113
  153. data/docs/resources/parse_config_file.md.erb +0 -148
  154. data/docs/resources/passwd.md.erb +0 -151
  155. data/docs/resources/pip.md.erb +0 -77
  156. data/docs/resources/port.md.erb +0 -147
  157. data/docs/resources/postgres_conf.md.erb +0 -89
  158. data/docs/resources/postgres_hba_conf.md.erb +0 -103
  159. data/docs/resources/postgres_ident_conf.md.erb +0 -86
  160. data/docs/resources/postgres_session.md.erb +0 -79
  161. data/docs/resources/powershell.md.erb +0 -112
  162. data/docs/resources/processes.md.erb +0 -119
  163. data/docs/resources/rabbitmq_config.md.erb +0 -51
  164. data/docs/resources/registry_key.md.erb +0 -197
  165. data/docs/resources/runit_service.md.erb +0 -67
  166. data/docs/resources/security_policy.md.erb +0 -57
  167. data/docs/resources/service.md.erb +0 -131
  168. data/docs/resources/shadow.md.erb +0 -267
  169. data/docs/resources/ssh_config.md.erb +0 -83
  170. data/docs/resources/sshd_config.md.erb +0 -93
  171. data/docs/resources/ssl.md.erb +0 -129
  172. data/docs/resources/sys_info.md.erb +0 -52
  173. data/docs/resources/systemd_service.md.erb +0 -67
  174. data/docs/resources/sysv_service.md.erb +0 -67
  175. data/docs/resources/upstart_service.md.erb +0 -67
  176. data/docs/resources/user.md.erb +0 -150
  177. data/docs/resources/users.md.erb +0 -137
  178. data/docs/resources/vbscript.md.erb +0 -65
  179. data/docs/resources/virtualization.md.erb +0 -67
  180. data/docs/resources/windows_feature.md.erb +0 -69
  181. data/docs/resources/windows_hotfix.md.erb +0 -63
  182. data/docs/resources/windows_task.md.erb +0 -95
  183. data/docs/resources/wmi.md.erb +0 -91
  184. data/docs/resources/x509_certificate.md.erb +0 -161
  185. data/docs/resources/xinetd_conf.md.erb +0 -166
  186. data/docs/resources/xml.md.erb +0 -95
  187. data/docs/resources/yaml.md.erb +0 -79
  188. data/docs/resources/yum.md.erb +0 -108
  189. data/docs/resources/zfs_dataset.md.erb +0 -63
  190. data/docs/resources/zfs_pool.md.erb +0 -57
  191. data/docs/shared/matcher_be.md.erb +0 -1
  192. data/docs/shared/matcher_cmp.md.erb +0 -43
  193. data/docs/shared/matcher_eq.md.erb +0 -3
  194. data/docs/shared/matcher_include.md.erb +0 -1
  195. data/docs/shared/matcher_match.md.erb +0 -1
  196. data/docs/shell.md +0 -217
  197. data/docs/style.md +0 -178
  198. data/examples/README.md +0 -8
  199. data/examples/custom-resource/README.md +0 -3
  200. data/examples/custom-resource/controls/example.rb +0 -7
  201. data/examples/custom-resource/inspec.yml +0 -8
  202. data/examples/custom-resource/libraries/batsignal.rb +0 -20
  203. data/examples/custom-resource/libraries/gordon.rb +0 -21
  204. data/examples/inheritance/README.md +0 -65
  205. data/examples/inheritance/controls/example.rb +0 -14
  206. data/examples/inheritance/inspec.yml +0 -16
  207. data/examples/kitchen-ansible/.kitchen.yml +0 -25
  208. data/examples/kitchen-ansible/Gemfile +0 -19
  209. data/examples/kitchen-ansible/README.md +0 -53
  210. data/examples/kitchen-ansible/files/nginx.repo +0 -6
  211. data/examples/kitchen-ansible/tasks/main.yml +0 -16
  212. data/examples/kitchen-ansible/test/integration/default/default.yml +0 -5
  213. data/examples/kitchen-ansible/test/integration/default/web_spec.rb +0 -28
  214. data/examples/kitchen-chef/.kitchen.yml +0 -20
  215. data/examples/kitchen-chef/Berksfile +0 -3
  216. data/examples/kitchen-chef/Gemfile +0 -19
  217. data/examples/kitchen-chef/README.md +0 -27
  218. data/examples/kitchen-chef/metadata.rb +0 -7
  219. data/examples/kitchen-chef/recipes/default.rb +0 -6
  220. data/examples/kitchen-chef/recipes/nginx.rb +0 -30
  221. data/examples/kitchen-chef/test/integration/default/web_spec.rb +0 -28
  222. data/examples/kitchen-puppet/.kitchen.yml +0 -23
  223. data/examples/kitchen-puppet/Gemfile +0 -20
  224. data/examples/kitchen-puppet/Puppetfile +0 -25
  225. data/examples/kitchen-puppet/README.md +0 -53
  226. data/examples/kitchen-puppet/manifests/site.pp +0 -33
  227. data/examples/kitchen-puppet/metadata.json +0 -11
  228. data/examples/kitchen-puppet/modules/.gitkeep +0 -0
  229. data/examples/kitchen-puppet/test/integration/default/web_spec.rb +0 -28
  230. data/examples/meta-profile/README.md +0 -37
  231. data/examples/meta-profile/controls/example.rb +0 -13
  232. data/examples/meta-profile/inspec.yml +0 -13
  233. data/examples/plugins/inspec-resource-lister/Gemfile +0 -12
  234. data/examples/plugins/inspec-resource-lister/LICENSE +0 -13
  235. data/examples/plugins/inspec-resource-lister/README.md +0 -62
  236. data/examples/plugins/inspec-resource-lister/Rakefile +0 -40
  237. data/examples/plugins/inspec-resource-lister/inspec-resource-lister.gemspec +0 -45
  238. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister.rb +0 -16
  239. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/cli_command.rb +0 -70
  240. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/plugin.rb +0 -55
  241. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/version.rb +0 -10
  242. data/examples/plugins/inspec-resource-lister/test/fixtures/README.md +0 -24
  243. data/examples/plugins/inspec-resource-lister/test/functional/README.md +0 -18
  244. data/examples/plugins/inspec-resource-lister/test/functional/inspec_resource_lister_test.rb +0 -110
  245. data/examples/plugins/inspec-resource-lister/test/helper.rb +0 -26
  246. data/examples/plugins/inspec-resource-lister/test/unit/README.md +0 -17
  247. data/examples/plugins/inspec-resource-lister/test/unit/cli_args_test.rb +0 -64
  248. data/examples/plugins/inspec-resource-lister/test/unit/plugin_def_test.rb +0 -51
  249. data/examples/profile-attribute.yml +0 -2
  250. data/examples/profile-attribute/README.md +0 -14
  251. data/examples/profile-attribute/controls/example.rb +0 -11
  252. data/examples/profile-attribute/inspec.yml +0 -8
  253. data/examples/profile-aws/controls/iam_password_policy_expiration.rb +0 -8
  254. data/examples/profile-aws/controls/iam_password_policy_max_age.rb +0 -8
  255. data/examples/profile-aws/controls/iam_root_user_mfa.rb +0 -8
  256. data/examples/profile-aws/controls/iam_users_access_key_age.rb +0 -8
  257. data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +0 -8
  258. data/examples/profile-aws/inspec.yml +0 -11
  259. data/examples/profile-azure/controls/azure_resource_group_example.rb +0 -24
  260. data/examples/profile-azure/controls/azure_vm_example.rb +0 -29
  261. data/examples/profile-azure/inspec.yml +0 -11
  262. data/examples/profile-sensitive/README.md +0 -29
  263. data/examples/profile-sensitive/controls/sensitive-failures.rb +0 -9
  264. data/examples/profile-sensitive/controls/sensitive.rb +0 -9
  265. data/examples/profile-sensitive/inspec.yml +0 -8
  266. data/examples/profile/README.md +0 -48
  267. data/examples/profile/controls/example.rb +0 -24
  268. data/examples/profile/controls/gordon.rb +0 -36
  269. data/examples/profile/controls/meta.rb +0 -36
  270. data/examples/profile/inspec.yml +0 -11
  271. data/examples/profile/libraries/gordon_config.rb +0 -59
@@ -1,142 +0,0 @@
1
- ---
2
- title: About the aws_subnets Resource
3
- platform: aws
4
- ---
5
-
6
- # aws\_subnets
7
-
8
- Use the `aws_subnets` InSpec audit resource to test properties of some or all subnets.
9
-
10
- Subnets are networks within a VPC that can have their own block of IP address's and ACL's.
11
- VPCs span across all availability zones in AWS, while a subnet in a VPC can only span a single availability zone.
12
- Separating IP addresses allows for protection if there is a failure in one availability zone.
13
-
14
- <br>
15
-
16
- ## Availability
17
-
18
- ### Installation
19
-
20
- This resource is distributed along with InSpec itself. You can use it automatically.
21
-
22
- ### Version
23
-
24
- This resource first became available in v2.0.16 of InSpec.
25
-
26
- ## Syntax
27
-
28
- An `aws_subnets` resource block uses an optional filter to select a group of subnets and then tests that group.
29
-
30
- # Test all subnets within a single vpc
31
- describe aws_subnets.where(vpc_id: 'vpc-12345678') do
32
- its('subnet_ids') { should include 'subnet-12345678' }
33
- its('subnet_ids') { should include 'subnet-98765432' }
34
- end
35
-
36
- <br>
37
-
38
- ## Examples
39
-
40
- The following examples show how to use this InSpec audit resource.
41
-
42
- As this is the initial release of `aws_subnets`, its limited functionality precludes examples.
43
-
44
- <br>
45
-
46
- ## Filter Criteria
47
-
48
- * `vpc_id`, `subnet_id`
49
-
50
- ## Filter Examples
51
-
52
- ### vpc\_id
53
-
54
- A string identifying the VPC which may or may not contain subnets.
55
-
56
- # Look for all subnets within a vpc.
57
- describe aws_subnets.where( vpc_id: 'vpc-12345678') do
58
- its('subnet_ids') { should include 'subnet-12345678' }
59
- its('subnet_ids') { should include 'subnet-98765432' }
60
- end
61
-
62
- ### subnet\_id
63
-
64
- A string identifying a specific subnet.
65
-
66
- # Examine a specific subnet
67
- describe aws_subnets.where(subnet_id: 'subnet-12345678') do
68
- its('cidr_blocks') { should eq ['10.0.1.0/24'] }
69
- end
70
-
71
- <br>
72
-
73
- ## Properties
74
-
75
- * `cidr_blocks`, `states`, `subnet_ids`,`vpc_ids`
76
-
77
- <br>
78
-
79
- ## Property Examples
80
-
81
- ### cidr\_blocks
82
-
83
- Provides a string that contains the cidr block of ip addresses that can be given in the subnet.
84
-
85
- # Examine a specific subnets cidr_blocks
86
- describe aws_subnets.where( subnet_id: 'subnet-12345678') do
87
- its('cidr_blocks') { should eq ['10.0.1.0/24'] }
88
- end
89
-
90
- ### states
91
-
92
- Provides an array of strings including if the subnets are available.
93
-
94
- # Examine a specific vpcs Subnet IDs
95
- describe aws_subnets.where( vpc_id: 'vpc-12345678') do
96
- its('states') { should_not include 'pending' }
97
- end
98
-
99
- ### subnet\_ids
100
-
101
- Provides an array of strings containing the subnet IDs associated with a vpc.
102
-
103
- # Examine a specific vpcs Subnet IDs
104
- describe aws_subnets.where( vpc_id: 'vpc-12345678') do
105
- its('subnet_ids') { should include 'subnet-12345678' }
106
- its('subnet_ids') { should include 'subnet-98765432' }
107
- end
108
-
109
- ### vpc\_ids
110
-
111
- Provides an array containing a string of the vpc_id associated with a subnet.
112
-
113
- # Examine a specific subnets VPC IDS
114
- describe aws_subnets.where( subnet_id: 'subnet-12345678') do
115
- its('vpc_ids') { should include 'vpc-12345678' }
116
- end
117
-
118
- <br>
119
-
120
- ## Matchers
121
-
122
- For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
123
-
124
- ### exists
125
-
126
- The control will pass if the filter returns at least one result. Use `should_not` if you expect zero matches.
127
-
128
- # You dont always have subnets, so you can test if there are any.
129
- describe aws_subnets
130
- it { should exist }
131
- end
132
-
133
- # Test that there are subnets in a vpc
134
- describe aws_subnets.where(vpc_id: 'vpc-12345678')
135
- it { should exist }
136
- end
137
-
138
- ## AWS Permissions
139
-
140
- Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ec2:DescribeSubnets` action with Effect set to Allow.
141
-
142
- You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html).
@@ -1,135 +0,0 @@
1
- ---
2
- title: About the aws_vpc Resource
3
- platform: aws
4
- ---
5
-
6
- # aws\_vpc
7
-
8
- Use the `aws_vpc` InSpec audit resource to test properties of a single AWS Virtual Private Cloud (VPC).
9
-
10
- To test properties of all or multiple VPCs, use the `aws_vpcs` resource.
11
-
12
- A VPC is a networking construct that provides an isolated environment. A VPC is contained in a geographic region, but spans availability zones in that region. A VPC may have multiple subnets, internet gateways, and other networking resources. Computing resources--such as EC2 instances--reside on subnets within the VPC.
13
-
14
- Each VPC is uniquely identified by its VPC ID. In addition, each VPC has a non-unique CIDR IP Address range (such as 10.0.0.0/16) which it manages.
15
-
16
- Every AWS account has at least one VPC, the "default" VPC, in every region.
17
-
18
- <br>
19
-
20
- ## Availability
21
-
22
- ### Installation
23
-
24
- This resource is distributed along with InSpec itself. You can use it automatically.
25
-
26
- ### Version
27
-
28
- This resource first became available in v2.0.16 of InSpec.
29
-
30
- ## Syntax
31
-
32
- An `aws_vpc` resource block identifies a VPC by id. If no VPC ID is provided, the default VPC is used.
33
-
34
- # Find the default VPC
35
- describe aws_vpc do
36
- it { should exist }
37
- end
38
-
39
- # Find a VPC by ID
40
- describe aws_vpc('vpc-12345678') do
41
- it { should exist }
42
- end
43
-
44
- # Hash syntax for ID
45
- describe aws_vpc(vpc_id: 'vpc-12345678') do
46
- it { should exist }
47
- end
48
-
49
- <br>
50
-
51
- ## Examples
52
-
53
- The following examples show how to use this InSpec audit resource.
54
-
55
- ### Test that a VPC does not exist
56
-
57
- describe aws_vpc('vpc-87654321') do
58
- it { should_not exist }
59
- end
60
-
61
- ### Test the CIDR of a named VPC
62
-
63
- describe aws_vpc('vpc-87654321') do
64
- its('cidr_block') { should cmp '10.0.0.0/16' }
65
- end
66
-
67
- <br>
68
-
69
- ## Properties
70
-
71
- * `cidr_block`, `dhcp_options_id`, `state`, `vpc_id`, `instance_tenancy`
72
-
73
- <br>
74
-
75
- ## Property Examples
76
-
77
- ### cidr\_block
78
-
79
- The IPv4 address range that is managed by the VPC.
80
-
81
- describe aws_vpc('vpc-87654321') do
82
- its('cidr_block') { should cmp '10.0.0.0/16' }
83
- end
84
-
85
- ### dhcp\_options\_id
86
-
87
- The ID of the set of DHCP options associated with the VPC (or `default` if the default options are associated with the VPC).
88
-
89
- describe aws_vpc do
90
- its ('dhcp_options_id') { should eq 'dopt-a94671d0' }
91
- end
92
-
93
- ### instance\_tenancy
94
-
95
- The allowed tenancy of instances launched into the VPC.
96
-
97
- describe aws_vpc do
98
- its ('instance_tenancy') { should eq 'default' }
99
- end
100
-
101
- ### state
102
-
103
- The state of the VPC (`pending` | `available`).
104
-
105
- describe aws_vpc do
106
- its ('state') { should eq 'available' }
107
- end
108
-
109
- ### vpc\_id
110
-
111
- The ID of the VPC.
112
-
113
- describe aws_vpc do
114
- its('vpc_id') { should eq 'vpc-87654321' }
115
- end
116
-
117
- <br>
118
-
119
- ## Matchers
120
-
121
- This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
122
-
123
- ### be\_default
124
-
125
- The test will pass if the identified VPC is the default VPC for the region.
126
-
127
- describe aws_vpc('vpc-87654321') do
128
- it { should be_default }
129
- end
130
-
131
- ## AWS Permissions
132
-
133
- Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ec2:DescribeVpcs` action with Effect set to Allow.
134
-
135
- You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html).
@@ -1,135 +0,0 @@
1
- ---
2
- title: About the aws_vpcs Resource
3
- platform: aws
4
- ---
5
-
6
- # aws\_vpcs
7
-
8
- Use the `aws_vpcs` InSpec audit resource to test properties of some or all AWS Virtual Private Clouds (VPCs).
9
-
10
- A VPC is a networking construct that provides an isolated environment. A VPC is contained in a geographic region, but spans availability zones in that region. A VPC may have multiple subnets, internet gateways, and other networking resources. Computing resources--such as EC2 instances--reside on subnets within the VPC.
11
-
12
- Each VPC is uniquely identified by its VPC ID. In addition, each VPC has a non-unique CIDR IP Address range (such as 10.0.0.0/16) which it manages.
13
-
14
- Every AWS account has at least one VPC, the "default" VPC, in every region.
15
-
16
- <br>
17
-
18
- ## Availability
19
-
20
- ### Installation
21
-
22
- This resource is distributed along with InSpec itself. You can use it automatically.
23
-
24
- ### Version
25
-
26
- This resource first became available in v2.0.16 of InSpec.
27
-
28
- ## Syntax
29
-
30
- An `aws_vpcs` resource block uses an optional filter to select a group of VPCs and then tests that group.
31
-
32
- # The control will pass if the filter returns at least one result. Use `should_not` if you expect zero matches.
33
-
34
- # Since you always have at least one VPC, this will always pass.
35
- describe aws_vpcs do
36
- it { should exist }
37
- end
38
-
39
- # Insist that all VPCs use the same DHCP option set.
40
- describe aws_vpcs.where { dhcp_options_id != 'dopt-12345678' } do
41
- it { should_not exist }
42
- end
43
-
44
- <br>
45
-
46
- ## Examples
47
-
48
- The following examples show how to use this InSpec audit resource.
49
-
50
- ### Check for a Particular VPC ID
51
-
52
- describe aws_vpcs do
53
- its('vpc_ids') { should include 'vpc-12345678' }
54
- end
55
-
56
- ### Use the VPC IDs to Get a List of Default Security Groups
57
-
58
- aws_vpcs.vpc_ids.each do |vpc_id|
59
- describe aws_security_group(vpc_id: vpc_id, group_name: 'default') do
60
- it { should_not allow_in(port: 22) }
61
- end
62
- end
63
-
64
- <br>
65
-
66
- ## Filter Criteria
67
-
68
- ### cidr_block
69
-
70
- Filters the results to include only those VPCs that match the given IPv4 range. This is a string value.
71
-
72
- # We shun the 10.0.0.0/8 space
73
- describe aws_vpcs.where { cidr_block.start_with?('10') } do
74
- it { should_not exist }
75
- end
76
-
77
- ### dhcp_option_id
78
-
79
- Filters the results to include only those VPCs that have the given DHCP Option Set.
80
-
81
- # Insist on one DHCP option set for all VPCs.
82
- describe aws_vpcs.where { dhcp_options_id != 'dopt-12345678' } do
83
- it { should_not exist }
84
- end
85
-
86
- ## Properties
87
-
88
- ### cidr_blocks
89
-
90
- The cidr_blocks property provides a list of the CIDR blocks that the matched VPCs serve as strings.
91
-
92
- describe aws_vpcs do
93
- # This is simple array membership checking - not subnet membership
94
- its('cidr_blocks') { should include '179.0.0.0/16' }
95
- end
96
-
97
- ### dhcp_options_ids
98
-
99
- The dhcp_option_set_ids property provides a de-duplicated list of the DHCP Option Set IDs that the matched VPCs use when assigning IPs to resources.
100
-
101
- describe aws_vpcs do
102
- its('dhcp_options_ids') { should include 'dopt-12345678' }
103
- end
104
-
105
- ### vpc_ids
106
-
107
- The vpc_ids property provides a list of the IDs of the matched VPCs.
108
-
109
- describe aws_vpcs do
110
- its('vpc_ids') { should include 'vpc-12345678' }
111
- end
112
-
113
- # Get a list of all VPC IDs
114
- aws_vpcs.vpc_ids.each do |vpc_id|
115
- # Do something with vpc_id
116
- end
117
-
118
- ## Matchers
119
-
120
- This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
121
-
122
- ### exists
123
-
124
- The control will pass if the filter returns at least one result. Use `should_not` if you expect zero matches.
125
-
126
- # You will always have at least one VPC
127
- describe aws_vpcs
128
- it { should exist }
129
- end
130
-
131
- ## AWS Permissions
132
-
133
- Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ec2:DescribeVpcs` action with Effect set to Allow.
134
-
135
- You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html).
@@ -1,183 +0,0 @@
1
- ---
2
- title: About the azure_generic_resource Resource
3
- ---
4
-
5
- # azure\_generic\_resource
6
-
7
- <p class="warning">This resource is deprecated and should not be used. It will be removed in InSpec 3.0.</p>
8
-
9
- Use the `azure_generic_resource` InSpec audit resource to test any valid Azure Resource. This is very useful if you need to test something that we do not yet have a specific Inspec resource for.
10
-
11
- ## Availability
12
-
13
- ### Installation
14
-
15
- This resource is distributed along with InSpec itself. You can use it automatically.
16
-
17
- ### Version
18
-
19
- This resource first became available in v2.0.16 of InSpec.
20
-
21
- ## Syntax
22
-
23
- describe azure_generic_resource(group_name: 'MyResourceGroup', name: 'MyResource') do
24
- its('property') { should eq 'value' }
25
- end
26
-
27
- where
28
-
29
- * `MyResourceGroup` is the name of the resource group that contains the Azure Resource to be validated
30
- * `MyResource` is the name of the resource that needs to be checked
31
- * `property` This generic resource dynamically creates the properties on the fly based on the type of resource that has been targeted.
32
- * `value` is the expected output from the chosen property
33
-
34
- <br>
35
-
36
- ## Parameters
37
-
38
- * `group_name`, `name`, `apiversion`, `type`
39
-
40
- <br>
41
-
42
- ## Parameter Examples
43
-
44
- The options that can be passed to the resource are as follows.
45
-
46
- ### group_name (required)
47
-
48
- Use this parameter to define the Azure Resource Group to be tested.
49
-
50
- describe azure_virtual_machine_data_disk(group_name: 'InSpec-Azure') do
51
- ...
52
- end
53
-
54
- ### name
55
-
56
- Use this parameter to define the name of the Azure resource to test.
57
-
58
- describe azure_virtual_machine_data_disk(group_name: 'InSpec-Azure', name: 'Windows-Internal-VM') do
59
- ...
60
- end
61
-
62
- ### apiversion
63
-
64
- The API Version to use when querying the resource. Defaults to the latest version for the resource.
65
-
66
- describe azure_virtual_machine_data_disk(group_name: 'InSpec-Azure', name: 'Windows-Internal-VM', apiversion: '2.0') do
67
- ...
68
- end
69
-
70
- ### type
71
-
72
- Use this parameter to define the type of resources to test.
73
-
74
- describe azure_virtual_machine_data_disk(group_name: 'InSpec-Azure', name: 'Windows-Internal-VM', apiversion: '2.0', type: 'Microsoft.Compute/virtualMachines') do
75
- ...
76
- end
77
-
78
- These options can also be set using the environment variables:
79
-
80
- * `AZURE_RESOURCE_GROUP_NAME`
81
- * `AZURE_RESOURCE_NAME`
82
- * `AZURE_RESOURCE_TYPE`
83
- * `AZURE_RESOURCE_API_VERSION`
84
-
85
- When the options have been set as well as the environment variables, the environment variables take priority.
86
-
87
- <br>
88
-
89
- ## Parameter Example
90
-
91
- describe azure_generic_resource(group_name: 'Inspec-Azure', name: 'Linux-Internal-VM', apiversion: '2.0') do
92
- its('location') { should eq 'westeurope' }
93
- end
94
-
95
- <br>
96
-
97
- ## Properties
98
-
99
- The properties that can be tested are entirely dependent on the Azure Resource that is under scrutiny. That means the properties vary. The best way to see what is available please use the [Azure Resources Portal](https://resources.azure.com) to select the resource you are interested in and see what can be tested.
100
-
101
- This resource allows you to test _any_ valid Azure Resource. The trade off for this is that the language to check each item is not as natural as it would be for a native Inspec resource.
102
-
103
- <br>
104
-
105
- ## Property Examples
106
-
107
- The following examples show how to use some of the InSpec audit properties:
108
-
109
- ### Tests the virtual machine's location
110
-
111
- its('location') { should cmp 'westeurope' }
112
-
113
- ### Tests for the presence of a specified address prefix
114
-
115
- its('properties.addressSpace.addressPrefixes') { should include '10.1.1.0/24' }
116
-
117
- ### Tests that virtual machine was created from the correct disk
118
-
119
- its('properties.creationData.createOption') { should eq 'FromImage' }
120
-
121
- ### Tests that the image is Ubuntu
122
-
123
- its('properties.creationData.imageReference.id') { should match 'Canonical' }
124
- its('properties.creationData.imageReference.id') { should match 'UbuntuServer' }
125
- its('properties.creationData.imageReference.id') { should match '16.04.0-LTS' }
126
-
127
- ### Tests the disk size
128
-
129
- its('properties.diskSizeGB') { should be > 25 }
130
-
131
- ### Tests the disk state
132
-
133
- its('properties.diskState') { should cmp 'Attached' }
134
-
135
- ### Tests that there are no custom DNS settings
136
-
137
- its('properties.dnsSettings.dnsServers.count') { should eq 0 }
138
- its('properties.dnsSettings.appliedDnsServers.count') { should eq 0 }
139
-
140
- ### Tests that the NIC is connected to the correct machine
141
-
142
- its('properties.virtualMachine.id') { should match 'Linux-External-VM' }
143
-
144
- ### Tests that the blob and file services are enabled
145
-
146
- its('properties.encryption.services.blob.enabled') { should be true }
147
- its('properties.encryption.services.file.enabled') { should be true }
148
- its('properties.encryption.keySource') { should cmp 'Microsoft.Storage' }
149
-
150
- ### Test the hardware profile
151
-
152
- its('properties.hardwareProfile.vmSize') { should cmp 'Standard_DS2_v2' }
153
-
154
- ### Test the network interfaces
155
-
156
- its('properties.networkProfile.networkInterfaces.count') { should eq 1 }
157
-
158
- ### Test the authentication and OS type
159
-
160
- its('properties.osProfile.computerName') { should eq 'linux-external-1' }
161
- its('properties.osProfile.adminUsername') { should eq 'azure' }
162
- its('properties.osProfile.linuxConfiguration.disablePasswordAuthentication') { should be true }
163
-
164
- ### Test that the tags are properly set
165
-
166
- it { should have_tags }
167
- its('tag_count') { should be 1 }
168
- its('tags') { should include 'Description' }
169
- its('Description_tag') { should match 'Externally facing' }
170
-
171
- <br>
172
-
173
- ## Matchers
174
-
175
- This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
176
-
177
- <br>
178
-
179
- ## References
180
-
181
- Please see the integration tests for in depth examples of how this resource can be used.
182
-
183
- [Inspec Integration Tests for Azure Generic Resources](https://github.com/chef/inspec/tree/master/test/integration/azure/verify/controls)