inspec 2.3.10 → 2.3.23

data/docs/resources/aws_subnets.md.erb

@@ -1,142 +0,0 @@
----
-title: About the aws_subnets Resource
-platform: aws
----
-
-# aws\_subnets
-
-Use the `aws_subnets` InSpec audit resource to test properties of some or all subnets.
-
-Subnets are networks within a VPC that can have their own block of IP address's and ACL's.
-VPCs span across all availability zones in AWS, while a subnet in a VPC can only span a single availability zone.
-Separating IP addresses allows for protection if there is a failure in one availability zone.
-
-<br>
-
-## Availability
-
-### Installation
-
-This resource is distributed along with InSpec itself. You can use it automatically.
-
-### Version
-
-This resource first became available in v2.0.16 of InSpec.
-
-## Syntax
-
-An `aws_subnets` resource block uses an optional filter to select a group of subnets and then tests that group.
-
-    # Test all subnets within a single vpc
-    describe aws_subnets.where(vpc_id: 'vpc-12345678') do
-      its('subnet_ids') { should include 'subnet-12345678' }
-      its('subnet_ids') { should include 'subnet-98765432' }
-    end
-
-<br>
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-As this is the initial release of `aws_subnets`, its limited functionality precludes examples.
-
-<br>
-
-## Filter Criteria
-
-* `vpc_id`, `subnet_id`
-
-## Filter Examples
-
-### vpc\_id
-
-A string identifying the VPC which may or may not contain subnets.
-
-    # Look for all subnets within a vpc.
-    describe aws_subnets.where( vpc_id: 'vpc-12345678') do
-      its('subnet_ids') { should include 'subnet-12345678' }
-      its('subnet_ids') { should include 'subnet-98765432' }
-    end
-
-### subnet\_id
-
-A string identifying a specific subnet.
-
-    # Examine a specific subnet
-    describe aws_subnets.where(subnet_id: 'subnet-12345678') do
-      its('cidr_blocks') { should eq ['10.0.1.0/24'] }
-    end
-
-<br>
-
-## Properties
-
-* `cidr_blocks`,  `states`, `subnet_ids`,`vpc_ids`
-
-<br>
-
-## Property Examples
-
-### cidr\_blocks
-
-Provides a string that contains the cidr block of ip addresses that can be given in the subnet.
-
-    # Examine a specific subnets cidr_blocks
-    describe aws_subnets.where( subnet_id: 'subnet-12345678') do
-      its('cidr_blocks') { should eq ['10.0.1.0/24'] }
-    end
-
-### states
-
-Provides an array of strings including if the subnets are available.
-
-    # Examine a specific vpcs Subnet IDs
-    describe aws_subnets.where( vpc_id: 'vpc-12345678') do
-      its('states') { should_not include 'pending' }
-    end
-
-### subnet\_ids
-
-Provides an array of strings containing the subnet IDs associated with a vpc.
-
-    # Examine a specific vpcs Subnet IDs
-    describe aws_subnets.where( vpc_id: 'vpc-12345678') do
-      its('subnet_ids') { should include 'subnet-12345678' }
-      its('subnet_ids') { should include 'subnet-98765432' }
-    end
-
-### vpc\_ids
-
-Provides an array containing a string of the vpc_id associated with a subnet.
-
-    # Examine a specific subnets VPC IDS
-    describe aws_subnets.where( subnet_id: 'subnet-12345678') do
-      its('vpc_ids') { should include 'vpc-12345678' }
-    end
-
-<br>
-
-## Matchers
-
-For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### exists
-
-The control will pass if the filter returns at least one result. Use `should_not` if you expect zero matches.
-
-    # You dont always have subnets, so you can test if there are any.
-    describe aws_subnets
-      it { should exist }
-    end
-
-    # Test that there are subnets in a vpc
-    describe aws_subnets.where(vpc_id: 'vpc-12345678')
-      it { should exist }
-    end
-
-## AWS Permissions
-
-Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ec2:DescribeSubnets` action with Effect set to Allow.
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html).

data/docs/resources/aws_vpc.md.erb

@@ -1,135 +0,0 @@
----
-title: About the aws_vpc Resource
-platform: aws
----
-
-# aws\_vpc
-
-Use the `aws_vpc` InSpec audit resource to test properties of a single AWS Virtual Private Cloud (VPC).
-
-To test properties of all or multiple VPCs, use the `aws_vpcs` resource.
-
-A VPC is a networking construct that provides an isolated environment. A VPC is contained in a geographic region, but spans availability zones in that region. A VPC may have multiple subnets, internet gateways, and other networking resources. Computing resources--such as EC2 instances--reside on subnets within the VPC.
-
-Each VPC is uniquely identified by its VPC ID. In addition, each VPC has a non-unique CIDR IP Address range (such as 10.0.0.0/16) which it manages.
-
-Every AWS account has at least one VPC, the "default" VPC, in every region.
-
-<br>
-
-## Availability
-
-### Installation
-
-This resource is distributed along with InSpec itself. You can use it automatically.
-
-### Version
-
-This resource first became available in v2.0.16 of InSpec.
-
-## Syntax
-
-An `aws_vpc` resource block identifies a VPC by id. If no VPC ID is provided, the default VPC is used.
-
-    # Find the default VPC
-    describe aws_vpc do
-      it { should exist }
-    end
-
-    # Find a VPC by ID
-    describe aws_vpc('vpc-12345678') do
-      it { should exist }
-    end
-
-    # Hash syntax for ID
-    describe aws_vpc(vpc_id: 'vpc-12345678') do
-      it { should exist }
-    end
-
-<br>
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### Test that a VPC does not exist
-
-    describe aws_vpc('vpc-87654321') do
-      it { should_not exist }
-    end
-
-### Test the CIDR of a named VPC
-
-    describe aws_vpc('vpc-87654321') do
-      its('cidr_block') { should cmp '10.0.0.0/16' }
-    end
-
-<br>
-
-## Properties
-
-* `cidr_block`, `dhcp_options_id`, `state`, `vpc_id`, `instance_tenancy`
-
-<br>
-
-## Property Examples
-
-### cidr\_block
-
-The IPv4 address range that is managed by the VPC.
-
-    describe aws_vpc('vpc-87654321') do
-      its('cidr_block') { should cmp '10.0.0.0/16' }
-    end
-
-### dhcp\_options\_id
-
-The ID of the set of DHCP options associated with the VPC (or `default` if the default options are associated with the VPC).
-
-    describe aws_vpc do
-      its ('dhcp_options_id') { should eq 'dopt-a94671d0' }
-    end
-
-### instance\_tenancy
-
-The allowed tenancy of instances launched into the VPC.
-
-    describe aws_vpc do
-      its ('instance_tenancy') { should eq 'default' }
-    end
-
-### state
-
-The state of the VPC (`pending` | `available`).
-
-    describe aws_vpc do
-      its ('state') { should eq 'available' }
-    end
-
-### vpc\_id
-
-The ID of the VPC.
-
-    describe aws_vpc do
-      its('vpc_id') { should eq 'vpc-87654321' }
-    end
-
-<br>
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### be\_default
-
-The test will pass if the identified VPC is the default VPC for the region.
-
-    describe aws_vpc('vpc-87654321') do
-      it { should be_default }
-    end
-
-## AWS Permissions
-
-Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ec2:DescribeVpcs` action with Effect set to Allow.
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html).

data/docs/resources/aws_vpcs.md.erb

@@ -1,135 +0,0 @@
----
-title: About the aws_vpcs Resource
-platform: aws
----
-
-# aws\_vpcs
-
-Use the `aws_vpcs` InSpec audit resource to test properties of some or all AWS Virtual Private Clouds (VPCs).
-
-A VPC is a networking construct that provides an isolated environment. A VPC is contained in a geographic region, but spans availability zones in that region. A VPC may have multiple subnets, internet gateways, and other networking resources. Computing resources--such as EC2 instances--reside on subnets within the VPC.
-
-Each VPC is uniquely identified by its VPC ID. In addition, each VPC has a non-unique CIDR IP Address range (such as 10.0.0.0/16) which it manages.
-
-Every AWS account has at least one VPC, the "default" VPC, in every region.
-
-<br>
-
-## Availability
-
-### Installation
-
-This resource is distributed along with InSpec itself. You can use it automatically.
-
-### Version
-
-This resource first became available in v2.0.16 of InSpec.
-
-## Syntax
-
-An `aws_vpcs` resource block uses an optional filter to select a group of VPCs and then tests that group.
-
-    # The control will pass if the filter returns at least one result. Use `should_not` if you expect zero matches.
-
-    # Since you always have at least one VPC, this will always pass.
-    describe aws_vpcs do
-      it { should exist }
-    end
-
-    # Insist that all VPCs use the same DHCP option set.
-    describe aws_vpcs.where { dhcp_options_id != 'dopt-12345678' } do
-      it { should_not exist }
-    end
-
-<br>
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### Check for a Particular VPC ID
-
-    describe aws_vpcs do
-      its('vpc_ids') { should include 'vpc-12345678' }
-    end
-
-### Use the VPC IDs to Get a List of Default Security Groups
-
-    aws_vpcs.vpc_ids.each do |vpc_id|
-      describe aws_security_group(vpc_id: vpc_id, group_name: 'default') do
-        it { should_not allow_in(port: 22) }
-      end
-    end
-
-<br>
-
-## Filter Criteria
-
-### cidr_block
-
-Filters the results to include only those VPCs that match the given IPv4 range.  This is a string value.
-
-    # We shun the 10.0.0.0/8 space
-    describe aws_vpcs.where { cidr_block.start_with?('10') } do
-      it { should_not exist }
-    end
-
-### dhcp_option_id
-
-Filters the results to include only those VPCs that have the given DHCP Option Set.
-
-    # Insist on one DHCP option set for all VPCs.
-    describe aws_vpcs.where { dhcp_options_id != 'dopt-12345678' } do
-      it { should_not exist }
-    end
-
-## Properties
-
-### cidr_blocks
-
-The cidr_blocks property provides a list of the CIDR blocks that the matched VPCs serve as strings.
-
-    describe aws_vpcs do
-      # This is simple array membership checking - not subnet membership
-      its('cidr_blocks') { should include '179.0.0.0/16' }
-    end
-
-### dhcp_options_ids
-
-The dhcp_option_set_ids property provides a de-duplicated list of the DHCP Option Set IDs that the matched VPCs use when assigning IPs to resources.
-
-    describe aws_vpcs do
-      its('dhcp_options_ids') { should include 'dopt-12345678' }
-    end
-
-### vpc_ids
-
-The vpc_ids property provides a list of the IDs of the matched VPCs.
-
-    describe aws_vpcs do
-      its('vpc_ids') { should include 'vpc-12345678' }
-    end
-
-    # Get a list of all VPC IDs
-    aws_vpcs.vpc_ids.each do |vpc_id|
-      # Do something with vpc_id
-    end
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### exists
-
-The control will pass if the filter returns at least one result. Use `should_not` if you expect zero matches.
-
-    # You will always have at least one VPC
-    describe aws_vpcs
-      it { should exist }
-    end
-
-## AWS Permissions
-
-Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ec2:DescribeVpcs` action with Effect set to Allow.
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html).

data/docs/resources/azure_generic_resource.md.erb

@@ -1,183 +0,0 @@
----
-title: About the azure_generic_resource Resource
----
-
-# azure\_generic\_resource
-
-<p class="warning">This resource is deprecated and should not be used. It will be removed in InSpec 3.0.</p>
-
-Use the `azure_generic_resource` InSpec audit resource to test any valid Azure Resource. This is very useful if you need to test something that we do not yet have a specific Inspec resource for.
-
-## Availability
-
-### Installation
-
-This resource is distributed along with InSpec itself. You can use it automatically.
-
-### Version
-
-This resource first became available in v2.0.16 of InSpec.
-
-## Syntax
-
-    describe azure_generic_resource(group_name: 'MyResourceGroup', name: 'MyResource') do
-      its('property') { should eq 'value' }
-    end
-
-where
-
-* `MyResourceGroup` is the name of the resource group that contains the Azure Resource to be validated
-* `MyResource` is the name of the resource that needs to be checked
-* `property` This generic resource dynamically creates the properties on the fly based on the type of resource that has been targeted.
-* `value` is the expected output from the chosen property
-
-<br>
-
-## Parameters
-
-* `group_name`, `name`, `apiversion`, `type`
-
-<br>
-
-## Parameter Examples
-
-The options that can be passed to the resource are as follows.
-
-### group_name (required)
-
-Use this parameter to define the Azure Resource Group to be tested.
-
-    describe azure_virtual_machine_data_disk(group_name: 'InSpec-Azure') do
-        ...
-    end
-
-### name
-
-Use this parameter to define the name of the Azure resource to test.
-
-    describe azure_virtual_machine_data_disk(group_name: 'InSpec-Azure', name: 'Windows-Internal-VM') do
-        ...
-    end
-
-### apiversion
-
-The API Version to use when querying the resource. Defaults to the latest version for the resource.
-
-    describe azure_virtual_machine_data_disk(group_name: 'InSpec-Azure', name: 'Windows-Internal-VM', apiversion: '2.0') do
-        ...
-    end
-
-### type
-
-Use this parameter to define the type of resources to test.
-
-    describe azure_virtual_machine_data_disk(group_name: 'InSpec-Azure', name: 'Windows-Internal-VM', apiversion: '2.0', type: 'Microsoft.Compute/virtualMachines') do
-        ...
-    end
-
-These options can also be set using the environment variables:
-
-* `AZURE_RESOURCE_GROUP_NAME`
-* `AZURE_RESOURCE_NAME`
-* `AZURE_RESOURCE_TYPE`
-* `AZURE_RESOURCE_API_VERSION`
-
-When the options have been set as well as the environment variables, the environment variables take priority.
-
-<br>
-
-## Parameter Example
-
-    describe azure_generic_resource(group_name: 'Inspec-Azure', name: 'Linux-Internal-VM', apiversion: '2.0') do
-      its('location') { should eq 'westeurope' }
-    end
-
-<br>
-
-## Properties
-
-The properties that can be tested are entirely dependent on the Azure Resource that is under scrutiny. That means the properties vary. The best way to see what is available please use the [Azure Resources Portal](https://resources.azure.com) to select the resource you are interested in and see what can be tested.
-
-This resource allows you to test _any_ valid Azure Resource. The trade off for this is that the language to check each item is not as natural as it would be for a native Inspec resource.
-
-<br>
-
-## Property Examples
-
-The following examples show how to use some of the InSpec audit properties:
-
-### Tests the virtual machine's location
-
-    its('location') { should cmp 'westeurope' }
-
-### Tests for the presence of a specified address prefix
-
-    its('properties.addressSpace.addressPrefixes') { should include '10.1.1.0/24' }
-
-### Tests that virtual machine was created from the correct disk
-
-    its('properties.creationData.createOption') { should eq 'FromImage' }
-
-### Tests that the image is Ubuntu
-
-    its('properties.creationData.imageReference.id') { should match 'Canonical' }
-    its('properties.creationData.imageReference.id') { should match 'UbuntuServer' }
-    its('properties.creationData.imageReference.id') { should match '16.04.0-LTS' }
-
-### Tests the disk size
-
-    its('properties.diskSizeGB') { should be > 25 }
-
-### Tests the disk state
-
-    its('properties.diskState') { should cmp 'Attached' }
-
-### Tests that there are no custom DNS settings
-
-    its('properties.dnsSettings.dnsServers.count') { should eq 0 }
-    its('properties.dnsSettings.appliedDnsServers.count') { should eq 0 }
-
-### Tests that the NIC is connected to the correct machine
-
-    its('properties.virtualMachine.id') { should match 'Linux-External-VM' }
-
-### Tests that the blob and file services are enabled
-
-    its('properties.encryption.services.blob.enabled') { should be true }
-    its('properties.encryption.services.file.enabled') { should be true }
-    its('properties.encryption.keySource') { should cmp 'Microsoft.Storage' }
-
-### Test the hardware profile
-
-    its('properties.hardwareProfile.vmSize') { should cmp 'Standard_DS2_v2' }
-
-### Test the network interfaces
-
-    its('properties.networkProfile.networkInterfaces.count') { should eq 1 }
-
-### Test the authentication and OS type
-
-    its('properties.osProfile.computerName') { should eq 'linux-external-1' }
-    its('properties.osProfile.adminUsername') { should eq 'azure' }
-    its('properties.osProfile.linuxConfiguration.disablePasswordAuthentication') { should be true }
-
-### Test that the tags are properly set
-
-    it { should have_tags }
-    its('tag_count') { should be 1 }
-    its('tags') { should include 'Description' }
-    its('Description_tag') { should match 'Externally facing' }
-
-<br>
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-<br>
-
-## References
-
-Please see the integration tests for in depth examples of how this resource can be used.
-
-[Inspec Integration Tests for Azure Generic Resources](https://github.com/chef/inspec/tree/master/test/integration/azure/verify/controls)