inspec 3.7.1 → 3.7.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +7 -2
- data/lib/inspec/config.rb +12 -0
- data/lib/inspec/shell.rb +2 -15
- data/lib/inspec/version.rb +1 -1
- data/lib/plugins/inspec-habitat/Berksfile +5 -0
- data/lib/plugins/inspec-habitat/README.md +150 -0
- data/lib/plugins/inspec-habitat/kitchen.yml +28 -0
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/cli.rb +9 -9
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +164 -280
- data/lib/plugins/inspec-habitat/templates/habitat/config/inspec_exec_config.json.erb +25 -0
- data/lib/plugins/inspec-habitat/templates/habitat/default.toml.erb +9 -0
- data/lib/plugins/inspec-habitat/templates/habitat/hooks/run.erb +32 -0
- data/lib/plugins/inspec-habitat/templates/habitat/plan.sh.erb +85 -0
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/Berksfile +2 -0
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/README.md +3 -0
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/files/hab_setup.exp +28 -0
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/metadata.rb +9 -0
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/recipes/default.rb +61 -0
- data/lib/plugins/inspec-habitat/test/functional/inspec_habitat_test.rb +38 -0
- data/lib/plugins/inspec-habitat/test/integration/default/inspec_habitat/README.md +3 -0
- data/lib/plugins/inspec-habitat/test/integration/default/inspec_habitat/controls/inspec_habitat.rb +40 -0
- data/lib/plugins/inspec-habitat/test/integration/default/inspec_habitat/inspec.yml +10 -0
- data/lib/plugins/inspec-habitat/test/support/example_profile/README.md +3 -0
- data/lib/plugins/inspec-habitat/test/support/example_profile/controls/example.rb +7 -0
- data/lib/plugins/inspec-habitat/test/support/example_profile/inspec.yml +10 -0
- data/lib/plugins/inspec-habitat/test/unit/profile_test.rb +188 -132
- data/lib/plugins/inspec-init/templates/profiles/azure/README.md +56 -0
- data/lib/plugins/inspec-init/templates/profiles/azure/controls/example.rb +15 -0
- data/lib/plugins/inspec-init/templates/profiles/azure/inspec.yml +14 -0
- data/lib/plugins/inspec-init/templates/profiles/azure/libraries/.gitkeep +0 -0
- data/lib/plugins/inspec-init/test/functional/inspec_init_profile_test.rb +12 -0
- data/lib/resources/aide_conf.rb +2 -2
- data/lib/resources/apache.rb +2 -2
- data/lib/resources/apache_conf.rb +2 -2
- data/lib/resources/apt.rb +2 -2
- data/lib/resources/audit_policy.rb +2 -2
- data/lib/resources/auditd.rb +2 -2
- data/lib/resources/auditd_conf.rb +2 -2
- data/lib/resources/aws/aws_billing_report.rb +3 -2
- data/lib/resources/aws/aws_billing_reports.rb +11 -10
- data/lib/resources/aws/aws_cloudtrail_trail.rb +2 -2
- data/lib/resources/aws/aws_cloudtrail_trails.rb +2 -2
- data/lib/resources/aws/aws_cloudwatch_alarm.rb +9 -9
- data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +18 -18
- data/lib/resources/aws/aws_config_delivery_channel.rb +2 -2
- data/lib/resources/aws/aws_config_recorder.rb +2 -2
- data/lib/resources/aws/aws_ebs_volume.rb +2 -2
- data/lib/resources/aws/aws_ebs_volumes.rb +2 -2
- data/lib/resources/aws/aws_ec2_instance.rb +2 -2
- data/lib/resources/aws/aws_ec2_instances.rb +2 -2
- data/lib/resources/aws/aws_ecs_cluster.rb +2 -2
- data/lib/resources/aws/aws_eks_cluster.rb +2 -2
- data/lib/resources/aws/aws_elb.rb +2 -2
- data/lib/resources/aws/aws_elbs.rb +2 -2
- data/lib/resources/aws/aws_flow_log.rb +2 -2
- data/lib/resources/aws/aws_iam_access_key.rb +2 -2
- data/lib/resources/aws/aws_iam_access_keys.rb +2 -2
- data/lib/resources/aws/aws_iam_group.rb +2 -2
- data/lib/resources/aws/aws_iam_groups.rb +2 -2
- data/lib/resources/aws/aws_iam_password_policy.rb +2 -2
- data/lib/resources/aws/aws_iam_policies.rb +2 -2
- data/lib/resources/aws/aws_iam_policy.rb +2 -2
- data/lib/resources/aws/aws_iam_role.rb +2 -2
- data/lib/resources/aws/aws_iam_root_user.rb +2 -2
- data/lib/resources/aws/aws_iam_user.rb +2 -2
- data/lib/resources/aws/aws_iam_users.rb +2 -2
- data/lib/resources/aws/aws_kms_key.rb +2 -2
- data/lib/resources/aws/aws_kms_keys.rb +2 -2
- data/lib/resources/aws/aws_rds_instance.rb +2 -2
- data/lib/resources/aws/aws_route_table.rb +2 -2
- data/lib/resources/aws/aws_route_tables.rb +2 -2
- data/lib/resources/aws/aws_s3_bucket.rb +2 -2
- data/lib/resources/aws/aws_s3_bucket_object.rb +2 -2
- data/lib/resources/aws/aws_s3_buckets.rb +2 -2
- data/lib/resources/aws/aws_security_group.rb +5 -5
- data/lib/resources/aws/aws_security_groups.rb +2 -2
- data/lib/resources/aws/aws_sns_subscription.rb +2 -2
- data/lib/resources/aws/aws_sns_topic.rb +2 -2
- data/lib/resources/aws/aws_sns_topics.rb +2 -2
- data/lib/resources/aws/aws_sqs_queue.rb +2 -2
- data/lib/resources/aws/aws_subnet.rb +2 -2
- data/lib/resources/aws/aws_subnets.rb +2 -2
- data/lib/resources/aws/aws_vpc.rb +2 -2
- data/lib/resources/aws/aws_vpcs.rb +2 -2
- data/lib/resources/bash.rb +2 -2
- data/lib/resources/bond.rb +2 -2
- data/lib/resources/bridge.rb +2 -2
- data/lib/resources/chocolatey_package.rb +2 -2
- data/lib/resources/command.rb +2 -2
- data/lib/resources/cpan.rb +2 -2
- data/lib/resources/cran.rb +2 -2
- data/lib/resources/crontab.rb +2 -2
- data/lib/resources/csv.rb +2 -2
- data/lib/resources/dh_params.rb +2 -2
- data/lib/resources/directory.rb +2 -2
- data/lib/resources/docker.rb +2 -2
- data/lib/resources/docker_container.rb +2 -2
- data/lib/resources/docker_image.rb +2 -2
- data/lib/resources/docker_plugin.rb +2 -2
- data/lib/resources/docker_service.rb +2 -2
- data/lib/resources/elasticsearch.rb +2 -2
- data/lib/resources/etc_fstab.rb +2 -2
- data/lib/resources/etc_group.rb +2 -2
- data/lib/resources/etc_hosts.rb +2 -2
- data/lib/resources/etc_hosts_allow_deny.rb +4 -4
- data/lib/resources/file.rb +2 -2
- data/lib/resources/filesystem.rb +2 -2
- data/lib/resources/firewalld.rb +2 -2
- data/lib/resources/gem.rb +2 -2
- data/lib/resources/groups.rb +4 -4
- data/lib/resources/grub_conf.rb +2 -2
- data/lib/resources/host.rb +2 -2
- data/lib/resources/http.rb +25 -5
- data/lib/resources/iis_app.rb +2 -2
- data/lib/resources/iis_app_pool.rb +6 -3
- data/lib/resources/iis_site.rb +4 -4
- data/lib/resources/inetd_conf.rb +2 -2
- data/lib/resources/ini.rb +2 -2
- data/lib/resources/interface.rb +2 -2
- data/lib/resources/iptables.rb +2 -2
- data/lib/resources/json.rb +2 -3
- data/lib/resources/kernel_module.rb +17 -18
- data/lib/resources/kernel_parameter.rb +2 -2
- data/lib/resources/key_rsa.rb +2 -2
- data/lib/resources/ksh.rb +2 -2
- data/lib/resources/limits_conf.rb +2 -2
- data/lib/resources/login_def.rb +2 -2
- data/lib/resources/mount.rb +2 -2
- data/lib/resources/mssql_session.rb +2 -2
- data/lib/resources/mysql_conf.rb +2 -2
- data/lib/resources/mysql_session.rb +2 -2
- data/lib/resources/nginx.rb +2 -2
- data/lib/resources/nginx_conf.rb +2 -2
- data/lib/resources/npm.rb +2 -2
- data/lib/resources/ntp_conf.rb +2 -2
- data/lib/resources/oneget.rb +2 -2
- data/lib/resources/oracledb_session.rb +2 -2
- data/lib/resources/os.rb +2 -2
- data/lib/resources/os_env.rb +2 -2
- data/lib/resources/package.rb +2 -2
- data/lib/resources/packages.rb +2 -2
- data/lib/resources/parse_config.rb +4 -4
- data/lib/resources/passwd.rb +2 -2
- data/lib/resources/pip.rb +2 -2
- data/lib/resources/platform.rb +2 -2
- data/lib/resources/port.rb +2 -2
- data/lib/resources/postgres_conf.rb +2 -2
- data/lib/resources/postgres_hba_conf.rb +2 -2
- data/lib/resources/postgres_ident_conf.rb +2 -2
- data/lib/resources/postgres_session.rb +2 -2
- data/lib/resources/powershell.rb +2 -2
- data/lib/resources/processes.rb +2 -2
- data/lib/resources/rabbitmq_conf.rb +2 -2
- data/lib/resources/registry_key.rb +2 -2
- data/lib/resources/security_identifier.rb +2 -2
- data/lib/resources/security_policy.rb +2 -2
- data/lib/resources/service.rb +14 -14
- data/lib/resources/shadow.rb +2 -2
- data/lib/resources/ssh_conf.rb +4 -4
- data/lib/resources/ssl.rb +2 -2
- data/lib/resources/sys_info.rb +2 -2
- data/lib/resources/toml.rb +2 -2
- data/lib/resources/users.rb +4 -4
- data/lib/resources/vbscript.rb +2 -2
- data/lib/resources/virtualization.rb +2 -2
- data/lib/resources/windows_feature.rb +2 -2
- data/lib/resources/windows_hotfix.rb +2 -2
- data/lib/resources/windows_task.rb +2 -2
- data/lib/resources/wmi.rb +2 -2
- data/lib/resources/x509_certificate.rb +2 -2
- data/lib/resources/xinetd.rb +2 -2
- data/lib/resources/xml.rb +2 -2
- data/lib/resources/yaml.rb +2 -2
- data/lib/resources/yum.rb +2 -2
- data/lib/resources/zfs_dataset.rb +2 -2
- data/lib/resources/zfs_pool.rb +2 -2
- metadata +26 -4
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
class AwsEc2Instances < Inspec.resource(1)
|
|
2
2
|
name 'aws_ec2_instances'
|
|
3
3
|
desc 'Verifies settings for AWS EC2 Instances in bulk'
|
|
4
|
-
example
|
|
4
|
+
example <<~EXAMPLE
|
|
5
5
|
describe aws_ec2_instances do
|
|
6
6
|
it { should exist }
|
|
7
7
|
end
|
|
8
|
-
|
|
8
|
+
EXAMPLE
|
|
9
9
|
supports platform: 'aws'
|
|
10
10
|
|
|
11
11
|
include AwsPluralResourceMixin
|
|
@@ -2,11 +2,11 @@ class AwsEcsCluster < Inspec.resource(1)
|
|
|
2
2
|
name 'aws_ecs_cluster'
|
|
3
3
|
desc 'Verifies settings for an ECS cluster'
|
|
4
4
|
|
|
5
|
-
example
|
|
5
|
+
example <<~EXAMPLE
|
|
6
6
|
describe aws_ecs_cluster('default') do
|
|
7
7
|
it { should exist }
|
|
8
8
|
end
|
|
9
|
-
|
|
9
|
+
EXAMPLE
|
|
10
10
|
supports platform: 'aws'
|
|
11
11
|
|
|
12
12
|
include AwsSingularResourceMixin
|
|
@@ -2,11 +2,11 @@ class AwsEksCluster < Inspec.resource(1)
|
|
|
2
2
|
name 'aws_eks_cluster'
|
|
3
3
|
desc 'Verifies settings for an EKS cluster'
|
|
4
4
|
|
|
5
|
-
example
|
|
5
|
+
example <<~EXAMPLE
|
|
6
6
|
describe aws_eks_cluster('default') do
|
|
7
7
|
it { should exist }
|
|
8
8
|
end
|
|
9
|
-
|
|
9
|
+
EXAMPLE
|
|
10
10
|
supports platform: 'aws'
|
|
11
11
|
|
|
12
12
|
include AwsSingularResourceMixin
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
class AwsElb < Inspec.resource(1)
|
|
2
2
|
name 'aws_elb'
|
|
3
3
|
desc 'Verifies settings for AWS Elastic Load Balancer'
|
|
4
|
-
example
|
|
4
|
+
example <<~EXAMPLE
|
|
5
5
|
describe aws_elb('myelb') do
|
|
6
6
|
it { should exist }
|
|
7
7
|
end
|
|
8
|
-
|
|
8
|
+
EXAMPLE
|
|
9
9
|
supports platform: 'aws'
|
|
10
10
|
|
|
11
11
|
include AwsSingularResourceMixin
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
class AwsElbs < Inspec.resource(1)
|
|
2
2
|
name 'aws_elbs'
|
|
3
3
|
desc 'Verifies settings for AWS ELBs (classic Elastic Load Balancers) in bulk'
|
|
4
|
-
example
|
|
4
|
+
example <<~EXAMPLE
|
|
5
5
|
describe aws_elbs do
|
|
6
6
|
it { should exist }
|
|
7
7
|
end
|
|
8
|
-
|
|
8
|
+
EXAMPLE
|
|
9
9
|
supports platform: 'aws'
|
|
10
10
|
|
|
11
11
|
include AwsPluralResourceMixin
|
|
@@ -2,11 +2,11 @@ class AwsFlowLog < Inspec.resource(1)
|
|
|
2
2
|
name 'aws_flow_log'
|
|
3
3
|
supports platform: 'aws'
|
|
4
4
|
desc 'This resource is used to test the attributes of a Flow Log.'
|
|
5
|
-
example <<~
|
|
5
|
+
example <<~EXAMPLE
|
|
6
6
|
describe aws_flow_log('fl-9c718cf5') do
|
|
7
7
|
it { should exist }
|
|
8
8
|
end
|
|
9
|
-
|
|
9
|
+
EXAMPLE
|
|
10
10
|
|
|
11
11
|
include AwsSingularResourceMixin
|
|
12
12
|
|
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
class AwsIamAccessKey < Inspec.resource(1)
|
|
2
2
|
name 'aws_iam_access_key'
|
|
3
3
|
desc 'Verifies settings for an individual IAM access key'
|
|
4
|
-
example
|
|
4
|
+
example <<~EXAMPLE
|
|
5
5
|
describe aws_iam_access_key(username: 'username', id: 'access-key id') do
|
|
6
6
|
it { should exist }
|
|
7
7
|
it { should_not be_active }
|
|
8
8
|
its('create_date') { should be > Time.now - 365 * 86400 }
|
|
9
9
|
its('last_used_date') { should be > Time.now - 90 * 86400 }
|
|
10
10
|
end
|
|
11
|
-
|
|
11
|
+
EXAMPLE
|
|
12
12
|
supports platform: 'aws'
|
|
13
13
|
|
|
14
14
|
include AwsSingularResourceMixin
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
class AwsIamAccessKeys < Inspec.resource(1)
|
|
2
2
|
name 'aws_iam_access_keys'
|
|
3
3
|
desc 'Verifies settings for AWS IAM Access Keys in bulk'
|
|
4
|
-
example
|
|
4
|
+
example <<~EXAMPLE
|
|
5
5
|
describe aws_iam_access_keys do
|
|
6
6
|
it { should_not exist }
|
|
7
7
|
end
|
|
8
|
-
|
|
8
|
+
EXAMPLE
|
|
9
9
|
supports platform: 'aws'
|
|
10
10
|
|
|
11
11
|
include AwsPluralResourceMixin
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
class AwsIamGroup < Inspec.resource(1)
|
|
2
2
|
name 'aws_iam_group'
|
|
3
3
|
desc 'Verifies settings for AWS IAM Group'
|
|
4
|
-
example
|
|
4
|
+
example <<~EXAMPLE
|
|
5
5
|
describe aws_iam_group('mygroup') do
|
|
6
6
|
it { should exist }
|
|
7
7
|
end
|
|
8
|
-
|
|
8
|
+
EXAMPLE
|
|
9
9
|
supports platform: 'aws'
|
|
10
10
|
|
|
11
11
|
include AwsSingularResourceMixin
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
class AwsIamGroups < Inspec.resource(1)
|
|
2
2
|
name 'aws_iam_groups'
|
|
3
3
|
desc 'Verifies settings for AWS IAM groups in bulk'
|
|
4
|
-
example
|
|
4
|
+
example <<~EXAMPLE
|
|
5
5
|
describe aws_iam_groups do
|
|
6
6
|
it { should exist }
|
|
7
7
|
end
|
|
8
|
-
|
|
8
|
+
EXAMPLE
|
|
9
9
|
supports platform: 'aws'
|
|
10
10
|
|
|
11
11
|
include AwsPluralResourceMixin
|
|
@@ -3,7 +3,7 @@ class AwsIamPasswordPolicy < Inspec.resource(1)
|
|
|
3
3
|
name 'aws_iam_password_policy'
|
|
4
4
|
desc 'Verifies iam password policy'
|
|
5
5
|
|
|
6
|
-
example
|
|
6
|
+
example <<~EXAMPLE
|
|
7
7
|
describe aws_iam_password_policy do
|
|
8
8
|
its('requires_lowercase_characters?') { should be true }
|
|
9
9
|
end
|
|
@@ -11,7 +11,7 @@ class AwsIamPasswordPolicy < Inspec.resource(1)
|
|
|
11
11
|
describe aws_iam_password_policy do
|
|
12
12
|
its('requires_uppercase_characters?') { should be true }
|
|
13
13
|
end
|
|
14
|
-
|
|
14
|
+
EXAMPLE
|
|
15
15
|
supports platform: 'aws'
|
|
16
16
|
|
|
17
17
|
# TODO: rewrite to avoid direct injection, match other resources, use AwsSingularResourceMixin
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
class AwsIamPolicies < Inspec.resource(1)
|
|
2
2
|
name 'aws_iam_policies'
|
|
3
3
|
desc 'Verifies settings for AWS IAM Policies in bulk'
|
|
4
|
-
example
|
|
4
|
+
example <<~EXAMPLE
|
|
5
5
|
describe aws_iam_policies do
|
|
6
6
|
it { should exist }
|
|
7
7
|
end
|
|
8
|
-
|
|
8
|
+
EXAMPLE
|
|
9
9
|
supports platform: 'aws'
|
|
10
10
|
|
|
11
11
|
include AwsPluralResourceMixin
|
|
@@ -5,11 +5,11 @@ require 'uri'
|
|
|
5
5
|
class AwsIamPolicy < Inspec.resource(1)
|
|
6
6
|
name 'aws_iam_policy'
|
|
7
7
|
desc 'Verifies settings for individual AWS IAM Policy'
|
|
8
|
-
example
|
|
8
|
+
example <<~EXAMPLE
|
|
9
9
|
describe aws_iam_policy('AWSSupportAccess') do
|
|
10
10
|
it { should be_attached }
|
|
11
11
|
end
|
|
12
|
-
|
|
12
|
+
EXAMPLE
|
|
13
13
|
supports platform: 'aws'
|
|
14
14
|
|
|
15
15
|
include AwsSingularResourceMixin
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
class AwsIamRole < Inspec.resource(1)
|
|
2
2
|
name 'aws_iam_role'
|
|
3
3
|
desc 'Verifies settings for an IAM Role'
|
|
4
|
-
example
|
|
4
|
+
example <<~EXAMPLE
|
|
5
5
|
describe aws_iam_role('my-role') do
|
|
6
6
|
it { should exist }
|
|
7
7
|
end
|
|
8
|
-
|
|
8
|
+
EXAMPLE
|
|
9
9
|
supports platform: 'aws'
|
|
10
10
|
|
|
11
11
|
include AwsSingularResourceMixin
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
class AwsIamRootUser < Inspec.resource(1)
|
|
2
2
|
name 'aws_iam_root_user'
|
|
3
3
|
desc 'Verifies settings for AWS root account'
|
|
4
|
-
example
|
|
4
|
+
example <<~EXAMPLE
|
|
5
5
|
describe aws_iam_root_user do
|
|
6
6
|
it { should have_access_key }
|
|
7
7
|
end
|
|
8
|
-
|
|
8
|
+
EXAMPLE
|
|
9
9
|
supports platform: 'aws'
|
|
10
10
|
|
|
11
11
|
# TODO: rewrite to avoid direct injection, match other resources, use AwsSingularResourceMixin
|
|
@@ -5,14 +5,14 @@
|
|
|
5
5
|
class AwsIamUser < Inspec.resource(1)
|
|
6
6
|
name 'aws_iam_user'
|
|
7
7
|
desc 'Verifies settings for AWS IAM user'
|
|
8
|
-
example
|
|
8
|
+
example <<~EXAMPLE
|
|
9
9
|
describe aws_iam_user(username: 'test_user') do
|
|
10
10
|
it { should have_mfa_enabled }
|
|
11
11
|
it { should_not have_console_password }
|
|
12
12
|
it { should_not have_inline_user_policies }
|
|
13
13
|
it { should_not have_attached_user_policies }
|
|
14
14
|
end
|
|
15
|
-
|
|
15
|
+
EXAMPLE
|
|
16
16
|
supports platform: 'aws'
|
|
17
17
|
|
|
18
18
|
include AwsSingularResourceMixin
|
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
class AwsIamUsers < Inspec.resource(1)
|
|
6
6
|
name 'aws_iam_users'
|
|
7
7
|
desc 'Verifies settings for AWS IAM users'
|
|
8
|
-
example
|
|
8
|
+
example <<~EXAMPLE
|
|
9
9
|
describe aws_iam_users.where(has_mfa_enabled?: false) do
|
|
10
10
|
it { should_not exist }
|
|
11
11
|
end
|
|
@@ -18,7 +18,7 @@ class AwsIamUsers < Inspec.resource(1)
|
|
|
18
18
|
describe aws_iam_users.where(has_attached_policies?: true) do
|
|
19
19
|
it { should_not exist }
|
|
20
20
|
end
|
|
21
|
-
|
|
21
|
+
EXAMPLE
|
|
22
22
|
supports platform: 'aws'
|
|
23
23
|
|
|
24
24
|
include AwsPluralResourceMixin
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
class AwsKmsKey < Inspec.resource(1)
|
|
2
2
|
name 'aws_kms_key'
|
|
3
3
|
desc 'Verifies settings for an individual AWS KMS Key'
|
|
4
|
-
example
|
|
4
|
+
example <<~EXAMPLE
|
|
5
5
|
describe aws_kms_key('arn:aws:kms:us-east-1::key/4321dcba-21io-23de-85he-ab0987654321') do
|
|
6
6
|
it { should exist }
|
|
7
7
|
end
|
|
8
|
-
|
|
8
|
+
EXAMPLE
|
|
9
9
|
|
|
10
10
|
supports platform: 'aws'
|
|
11
11
|
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
class AwsKmsKeys < Inspec.resource(1)
|
|
2
2
|
name 'aws_kms_keys'
|
|
3
3
|
desc 'Verifies settings for AWS KMS Keys in bulk'
|
|
4
|
-
example
|
|
4
|
+
example <<~EXAMPLE
|
|
5
5
|
describe aws_kms_keys do
|
|
6
6
|
it { should exist }
|
|
7
7
|
end
|
|
8
|
-
|
|
8
|
+
EXAMPLE
|
|
9
9
|
supports platform: 'aws'
|
|
10
10
|
|
|
11
11
|
include AwsPluralResourceMixin
|
|
@@ -2,11 +2,11 @@
|
|
|
2
2
|
class AwsRdsInstance < Inspec.resource(1)
|
|
3
3
|
name 'aws_rds_instance'
|
|
4
4
|
desc 'Verifies settings for an rds instance'
|
|
5
|
-
example
|
|
5
|
+
example <<~EXAMPLE
|
|
6
6
|
describe aws_rds_instance(db_instance_identifier: 'test-instance-id') do
|
|
7
7
|
it { should exist }
|
|
8
8
|
end
|
|
9
|
-
|
|
9
|
+
EXAMPLE
|
|
10
10
|
supports platform: 'aws'
|
|
11
11
|
|
|
12
12
|
include AwsSingularResourceMixin
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
class AwsRouteTable < Inspec.resource(1)
|
|
2
2
|
name 'aws_route_table'
|
|
3
3
|
desc 'Verifies settings for an AWS Route Table'
|
|
4
|
-
example
|
|
4
|
+
example <<~EXAMPLE
|
|
5
5
|
describe aws_route_table do
|
|
6
6
|
its('route_table_id') { should cmp 'rtb-05462d2278326a79c' }
|
|
7
7
|
end
|
|
8
|
-
|
|
8
|
+
EXAMPLE
|
|
9
9
|
supports platform: 'aws'
|
|
10
10
|
|
|
11
11
|
include AwsSingularResourceMixin
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
class AwsRouteTables < Inspec.resource(1)
|
|
2
2
|
name 'aws_route_tables'
|
|
3
3
|
desc 'Verifies settings for AWS Route Tables in bulk'
|
|
4
|
-
example
|
|
4
|
+
example <<~EXAMPLE
|
|
5
5
|
describe aws_route_tables do
|
|
6
6
|
it { should exist }
|
|
7
7
|
end
|
|
8
|
-
|
|
8
|
+
EXAMPLE
|
|
9
9
|
supports platform: 'aws'
|
|
10
10
|
|
|
11
11
|
include AwsPluralResourceMixin
|
|
@@ -2,11 +2,11 @@
|
|
|
2
2
|
class AwsS3Bucket < Inspec.resource(1)
|
|
3
3
|
name 'aws_s3_bucket'
|
|
4
4
|
desc 'Verifies settings for a s3 bucket'
|
|
5
|
-
example
|
|
5
|
+
example <<~EXAMPLE
|
|
6
6
|
describe aws_s3_bucket(bucket_name: 'test_bucket') do
|
|
7
7
|
it { should exist }
|
|
8
8
|
end
|
|
9
|
-
|
|
9
|
+
EXAMPLE
|
|
10
10
|
supports platform: 'aws'
|
|
11
11
|
|
|
12
12
|
include AwsSingularResourceMixin
|
|
@@ -2,12 +2,12 @@
|
|
|
2
2
|
class AwsS3BucketObject < Inspec.resource(1)
|
|
3
3
|
name 'aws_s3_bucket_object'
|
|
4
4
|
desc 'Verifies settings for a s3 bucket object'
|
|
5
|
-
example
|
|
5
|
+
example <<~EXAMPLE
|
|
6
6
|
describe aws_s3_bucket_object(bucket_name: 'bucket_name', key: 'file_name') do
|
|
7
7
|
it { should exist }
|
|
8
8
|
it { should_not be_public }
|
|
9
9
|
end
|
|
10
|
-
|
|
10
|
+
EXAMPLE
|
|
11
11
|
supports platform: 'aws'
|
|
12
12
|
|
|
13
13
|
include AwsSingularResourceMixin
|
|
@@ -3,11 +3,11 @@
|
|
|
3
3
|
class AwsS3Buckets < Inspec.resource(1)
|
|
4
4
|
name 'aws_s3_buckets'
|
|
5
5
|
desc 'Verifies settings for AWS S3 Buckets in bulk'
|
|
6
|
-
example
|
|
6
|
+
example <<~EXAMPLE
|
|
7
7
|
describe aws_s3_bucket do
|
|
8
8
|
its('bucket_names') { should eq ['my_bucket'] }
|
|
9
9
|
end
|
|
10
|
-
|
|
10
|
+
EXAMPLE
|
|
11
11
|
supports platform: 'aws'
|
|
12
12
|
|
|
13
13
|
include AwsPluralResourceMixin
|
|
@@ -4,11 +4,11 @@ require 'ipaddr'
|
|
|
4
4
|
class AwsSecurityGroup < Inspec.resource(1)
|
|
5
5
|
name 'aws_security_group'
|
|
6
6
|
desc 'Verifies settings for an individual AWS Security Group.'
|
|
7
|
-
example
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
7
|
+
example <<~EXAMPLE
|
|
8
|
+
describe aws_security_group('sg-12345678') do
|
|
9
|
+
it { should exist }
|
|
10
|
+
end
|
|
11
|
+
EXAMPLE
|
|
12
12
|
supports platform: 'aws'
|
|
13
13
|
|
|
14
14
|
include AwsSingularResourceMixin
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
class AwsSecurityGroups < Inspec.resource(1)
|
|
2
2
|
name 'aws_security_groups'
|
|
3
3
|
desc 'Verifies settings for AWS Security Groups in bulk'
|
|
4
|
-
example
|
|
4
|
+
example <<~EXAMPLE
|
|
5
5
|
# Verify that you have security groups defined
|
|
6
6
|
describe aws_security_groups do
|
|
7
7
|
it { should exist }
|
|
@@ -11,7 +11,7 @@ class AwsSecurityGroups < Inspec.resource(1)
|
|
|
11
11
|
describe aws_security_groups do
|
|
12
12
|
its('entries.count') { should be > 1 }
|
|
13
13
|
end
|
|
14
|
-
|
|
14
|
+
EXAMPLE
|
|
15
15
|
supports platform: 'aws'
|
|
16
16
|
|
|
17
17
|
include AwsPluralResourceMixin
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
class AwsSnsSubscription < Inspec.resource(1)
|
|
2
2
|
name 'aws_sns_subscription'
|
|
3
3
|
desc 'Verifies settings for an SNS Subscription'
|
|
4
|
-
example
|
|
4
|
+
example <<~EXAMPLE
|
|
5
5
|
describe aws_sns_subscription('arn:aws:sns:us-east-1::test-topic-01:b214aff5-a2c7-438f-a753-8494493f2ff6') do
|
|
6
6
|
it { should_not have_raw_message_delivery }
|
|
7
7
|
it { should be_confirmation_authenticated }
|
|
@@ -10,7 +10,7 @@ class AwsSnsSubscription < Inspec.resource(1)
|
|
|
10
10
|
its('endpoint') { should cmp 'arn:aws:sqs:us-east-1::test-queue-01' }
|
|
11
11
|
its('protocol') { should cmp 'sqs' }
|
|
12
12
|
end
|
|
13
|
-
|
|
13
|
+
EXAMPLE
|
|
14
14
|
|
|
15
15
|
supports platform: 'aws'
|
|
16
16
|
|
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
class AwsSnsTopic < Inspec.resource(1)
|
|
2
2
|
name 'aws_sns_topic'
|
|
3
3
|
desc 'Verifies settings for an SNS Topic'
|
|
4
|
-
example
|
|
4
|
+
example <<~EXAMPLE
|
|
5
5
|
describe aws_sns_topic('arn:aws:sns:us-east-1:123456789012:some-topic') do
|
|
6
6
|
it { should exist }
|
|
7
7
|
its('confirmed_subscription_count') { should_not be_zero }
|
|
8
8
|
end
|
|
9
|
-
|
|
9
|
+
EXAMPLE
|
|
10
10
|
supports platform: 'aws'
|
|
11
11
|
|
|
12
12
|
include AwsSingularResourceMixin
|