inspec 4.22.1

data/lib/resources/azure/azure_virtual_machine.rb

@@ -0,0 +1,262 @@
+require "resources/azure/azure_backend"
+
+module Inspec::Resources
+  class AzureVirtualMachine < AzureResourceBase
+    name "azure_virtual_machine"
+
+    desc '
+      InSpec Resource to test Azure Virtual Machines
+    '
+
+    supports platform: "azure"
+
+    # Constructor for the resource. This calls the parent constructor to
+    # get the generic resource for the specified machine. This will provide
+    # static methods that are documented
+    #
+    # @author Russell Seymour
+    def initialize(opts = {})
+      # The generic resource needs to pass back a Microsoft.Compute/virtualMachines object so force it
+      opts[:type] = "Microsoft.Compute/virtualMachines"
+      super(opts)
+
+      # Find the virtual machines
+      resources
+
+      create_tag_methods
+    end
+
+    # Method to catch calls that are not explicitly defined.
+    # This allows the simple attributes of the virtual machine to be read without having
+    # to define each one in turn.
+    #
+    # rubocop:disable Metrics/AbcSize
+    #
+    # @param symobl method_id The symbol of the method that has been called
+    #
+    # @return Value of attribute that has been called
+    def method_missing(method_id)
+      # Depending on the method that has been called, determine what value should be returned
+      # These are set as camel case methods to comply with rubocop
+      image_reference_attrs = %w{sku publisher offer}
+      osdisk_attrs = %w{os_type caching create_option disk_size_gb}
+      hardware_profile_attrs = %w{vm_size}
+      os_profile_attrs = %w{computer_name admin_username}
+      osdisk_managed_disk_attrs = %w{storage_account_type}
+
+      # determine the method name to call by converting the snake_case to camelCase
+      # method_name = self.camel_case(method_id.to_s)
+      method_name = method_id.to_s.split("_").inject([]) { |buffer, e| buffer.push(buffer.empty? ? e : e.capitalize) }.join
+      method_name.end_with?("Gb") ? method_name.gsub!(/Gb/, &:upcase) : false
+
+      if image_reference_attrs.include?(method_id.to_s)
+        properties.storageProfile.imageReference.send(method_name)
+      elsif osdisk_attrs.include?(method_id.to_s)
+        properties.storageProfile.osDisk.send(method_name)
+      elsif hardware_profile_attrs.include?(method_id.to_s)
+        properties.hardwareProfile.send(method_name)
+      elsif os_profile_attrs.include?(method_id.to_s)
+        properties.osProfile.send(method_name)
+      elsif osdisk_managed_disk_attrs.include?(method_id.to_s)
+        properties.storageProfile.osDisk.managedDisk.send(method_name)
+      end
+    end
+
+    # Return the name of the os disk
+    #
+    # @return string Name of the OS disk
+    def os_disk_name
+      properties.storageProfile.osDisk.name
+    end
+
+    # Determine if the OS disk is a managed disk
+    #
+    # @return boolean
+    def has_managed_osdisk?
+      defined?(properties.storageProfile.osDisk.managedDisk)
+    end
+
+    # Does the machine have any NICs connected
+    #
+    # @return boolean
+    def has_nics?
+      properties.networkProfile.networkInterfaces.count != 0
+    end
+
+    # How many NICs are connected to the machine
+    #
+    # @return integer
+    def nic_count
+      properties.networkProfile.networkInterfaces.count
+    end
+
+    # Return an array of the connected NICs so that it can be tested to ensure
+    # the machine is connected properly
+    #
+    # @return array Array of NIC names connected to the machine
+    def connected_nics
+      nic_names = []
+      properties.networkProfile.networkInterfaces.each do |nic|
+        nic_names << nic.id.split(%r{/}).last
+      end
+      nic_names
+    end
+
+    # Whether the machine has data disks or not
+    #
+    # @return boolean
+    def has_data_disks?
+      properties.storageProfile.dataDisks.count != 0
+    end
+
+    # How many data disks are connected
+    #
+    # @return integer
+    def data_disk_count
+      properties.storageProfile.dataDisks.count
+    end
+
+    # Does the machine allow password authentication
+    #
+    # This allows the use of
+    #   it { should have_password_authentication }
+    # within the InSpec profile
+    #
+    # @return boolean
+    def has_password_authentication?
+      password_authentication?
+    end
+
+    # Deteremine if the machine allows password authentication
+    #
+    # @return boolean
+    def password_authentication?
+      # if the osProfile property has a linuxConfiguration section then interrogate that
+      # otherwise it is a Windows machine and that always has password auth
+      if defined?(properties.osProfile.linuxConfiguration)
+        !properties.osProfile.linuxConfiguration.disablePasswordAuthentication
+      else
+        true
+      end
+    end
+
+    # Has the machine been given Custom Data at creation
+    #
+    # This allows the use of
+    #    it { should have_custom_data }
+    # within the InSpec Profile
+    #
+    # @return boolean
+    def has_custom_data?
+      custom_data?
+    end
+
+    # Determine if custom data has been set
+    #
+    # @return boolean
+    def custom_data?
+      if defined?(properties.osProfile.CustomData)
+        true
+      else
+        false
+      end
+    end
+
+    # Are any SSH Keys assigned to the machine
+    #
+    # This allows the use of
+    #    it { should have_ssh_keys }
+    # within the InSpec Profile
+    #
+    # @return boolean
+    def has_ssh_keys?
+      ssh_keys?
+    end
+
+    # Determine if any ssh keys have been asigned to the machine
+    #
+    # @return boolean
+    def ssh_keys?
+      if defined?(properties.osProfile.linuxConfiguration.ssh)
+        properties.osProfile.linuxConfiguration.ssh.publicKeys != 0
+      else
+        false
+      end
+    end
+
+    # Return the number of ssh keys that have been assigned to the machine
+    #
+    # @return integer
+    def ssh_key_count
+      if defined?(properties.osProfile.linuxConfiguration.ssh)
+        properties.osProfile.linuxConfiguration.ssh.publicKeys.count
+      else
+        0
+      end
+    end
+
+    # Determine is the specified key is in the ssh_keys list
+    #
+    # @return array Array of the public keys that are assigned to allow for testing of that key
+    def ssh_keys
+      # iterate around the keys
+      keys = []
+      properties.osProfile.linuxConfiguration.ssh.publicKeys.each do |key|
+        keys << key.keyData
+      end
+      keys
+    end
+
+    # Does the machine have boot diagnostics enabled
+    #
+    # @return boolean
+    def has_boot_diagnostics?
+      if defined?(properties.diagnosticsProfile)
+        properties.diagnosticsProfile.bootDiagnostics.enabled
+      else
+        false
+      end
+    end
+
+    # Return the URI that has been set for the boot diagnostics storage
+    #
+    # @return string
+    def boot_diagnostics_storage_uri
+      properties.diagnosticsProfile.bootDiagnostics.storageUri
+    end
+
+    # If this is a windows machine, returns whether the agent was provisioned or not
+    #
+    # @return boolean
+    def has_provision_vmagent?
+      if defined?(properties.osProfile.windowsConfiguration)
+        properties.osProfile.windowsConfiguration.provisionVMAgent
+      else
+        false
+      end
+    end
+
+    # If a windows machine see if automatic updates for the agent are enabled
+    #
+    # @return boolean
+    def has_automatic_agent_update?
+      if defined?(properties.osProfile.windowsConfiguration)
+        properties.osProfile.windowsConfiguration.enableAutomaticUpdates
+      else
+        false
+      end
+    end
+
+    # If this is a windows machine return a boolean to state of the WinRM options
+    # have been set
+    #
+    # @return boolean
+    def has_winrm_options?
+      if defined?(properties.osProfile.windowsConfiguration) && defined?(properties.osProfile.windowsConfiguration.winrm)
+        properties.osProfile.windowsConfiguration.winrm.protocol
+      else
+        false
+      end
+    end
+  end
+end

data/lib/resources/azure/azure_virtual_machine_data_disk.rb

@@ -0,0 +1,131 @@
+require "resources/azure/azure_backend"
+require "uri"
+
+module Inspec::Resources
+  class AzureVirtualMachineDataDisk < AzureResourceBase
+    name "azure_virtual_machine_data_disk"
+
+    desc '
+      InSpec Resource to ensure that the data disks attached to a machine are correct
+    '
+
+    supports platform: "azure"
+
+    # Create a filter table so that tests on the disk can be performed
+    filter = FilterTable.create
+    filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
+    filter.register_column(:disk, field: :disk)
+      .register_column(:number, field: :number)
+      .register_column(:name, field: :name)
+      .register_column(:size, field: :size)
+      .register_column(:vhd_uri, field: :vhd_uri)
+      .register_column(:storage_account_name, field: :storage_account_name)
+      .register_column(:lun, field: :lun)
+      .register_column(:caching, field: :caching)
+      .register_column(:create_option, field: :create_option)
+      .register_column(:is_managed_disk?, field: :is_managed_disk?)
+      .register_column(:storage_account_type, field: :storage_account_type)
+      .register_column(:subscription_id, field: :subscription_id)
+      .register_column(:resource_group, field: :resource_group)
+    filter.install_filter_methods_on_resource(self, :datadisk_details)
+
+    # Constructor for the resource. This calls the parent constructor to
+    # get the generic resource for the specified machine. This will provide
+    # static methods that are documented
+    #
+    # @author Russell Seymour
+    def initialize(opts = {})
+      # The generic resource needs to pass back a Microsoft.Compute/virtualMachines object so force it
+      opts[:type] = "Microsoft.Compute/virtualMachines"
+      super(opts)
+
+      # Get the data disks
+      resources
+    end
+
+    # Return information about the disks and add to the filter table so that
+    # assertions can be performed
+    #
+    # @author Russell Seymour
+    def datadisk_details
+      return if failed_resource?
+
+      # Iterate around the data disks on the machine
+      properties.storageProfile.dataDisks.each_with_index.map do |datadisk, index|
+        # Call function to parse the data disks and return an object based on the parameters
+        parse_datadisk(datadisk, index)
+      end
+    end
+
+    # Return boolean to denote if the machine has data disks attached or not
+    def has_data_disks?
+      !entries.empty?
+    end
+
+    # Return an integer stating how many data disks are attached to the machine
+    def count
+      entries.count
+    end
+
+    # Return boolean to state if the machine is using managed disks for data disks
+    def has_managed_disks?
+      # iterate around the entries
+      result = entries.each.select { |e| e[:is_managed_disk?] }
+      result.empty? ? false : true
+    end
+
+    private
+
+    # Parse the data disk to determine if these are managed disks or in a storage account
+    # for example. The disk index, name and size will be returned
+    #
+    # params object disk Object containing the details of the disk
+    # params integer index Index denoting which disk number this is on the machine
+    #
+    # return hashtable
+    def parse_datadisk(disk, index)
+      # Configure parsed hashtable to hold the information
+      # Initialise this with common attributes from the different types of disk
+      parsed = {
+        disk: index,
+        number: index + 1,
+        lun: disk.lun,
+        name: disk.name,
+        size: disk.diskSizeGB,
+        caching: disk.caching,
+        create_option: disk.createOption,
+      }
+
+      # Determine if the current disk is a managed disk or not
+      if defined?(disk.vhd)
+        # As this is in a storage account this is not a managed disk
+        parsed[:is_managed_disk?] = false
+
+        # Set information about the disk
+        # Parse the uri of the disk URI so that the storage account can be retrieved
+        uri = URI.parse(disk.vhd.uri)
+        parsed[:vhd_uri] = disk.vhd.uri
+        parsed[:storage_account_name] = uri.host.split(".").first
+
+      elsif defined?(disk.managedDisk)
+        # State that this is a managed disk
+        parsed[:is_managed_disk?] = true
+
+        # Get information about the managed disk
+        parsed[:storage_account_type] = disk.managedDisk.storageAccountType
+        parsed[:id] = disk.managedDisk.id
+
+        # Break up the ID string so that the following information can get retreived
+        # - subscription_id
+        # - resource_group
+        id_parts = parsed[:id].split(%r{/}).reject(&:empty?)
+
+        parsed[:subscription_id] = id_parts[1]
+        parsed[:resource_group] = id_parts[3]
+      end
+
+      # return the parsed object
+      parsed
+    end
+  end
+end

metadata

@@ -0,0 +1,202 @@
+--- !ruby/object:Gem::Specification
+name: inspec
+version: !ruby/object:Gem::Version
+  version: 4.22.1
+platform: ruby
+authors:
+- Chef InSpec Team
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2020-07-20 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: inspec-core
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 4.22.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 4.22.1
+- !ruby/object:Gem::Dependency
+  name: train
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: faraday_middleware
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.12.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.12.2
+- !ruby/object:Gem::Dependency
+  name: train-habitat
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+- !ruby/object:Gem::Dependency
+  name: train-aws
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+- !ruby/object:Gem::Dependency
+  name: train-winrm
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+description: InSpec provides a framework for creating end-to-end infrastructure tests.
+  You can use it for integration or even compliance testing. Create fully portable
+  test profiles and use them in your workflow to ensure stability and security. Integrate
+  InSpec in your change lifecycle for local testing, CI/CD, and deployment verification.
+email:
+- inspec@chef.io
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- Gemfile
+- inspec.gemspec
+- lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/Gemfile
+- lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/inspec-plugin-template.gemspec
+- lib/plugins/inspec-init/templates/profiles/aws/README.md
+- lib/plugins/inspec-init/templates/profiles/aws/attributes.yml
+- lib/plugins/inspec-init/templates/profiles/aws/controls/example.rb
+- lib/plugins/inspec-init/templates/profiles/aws/inspec.yml
+- lib/plugins/inspec-init/templates/profiles/azure/README.md
+- lib/plugins/inspec-init/templates/profiles/azure/controls/example.rb
+- lib/plugins/inspec-init/templates/profiles/azure/inspec.yml
+- lib/plugins/inspec-init/templates/profiles/gcp/README.md
+- lib/plugins/inspec-init/templates/profiles/gcp/attributes.yml
+- lib/plugins/inspec-init/templates/profiles/gcp/controls/example.rb
+- lib/plugins/inspec-init/templates/profiles/gcp/inspec.yml
+- lib/resource_support/aws.rb
+- lib/resource_support/aws/aws_backend_base.rb
+- lib/resource_support/aws/aws_backend_factory_mixin.rb
+- lib/resource_support/aws/aws_plural_resource_mixin.rb
+- lib/resource_support/aws/aws_resource_mixin.rb
+- lib/resource_support/aws/aws_singular_resource_mixin.rb
+- lib/resources/aws/aws_billing_report.rb
+- lib/resources/aws/aws_billing_reports.rb
+- lib/resources/aws/aws_cloudtrail_trail.rb
+- lib/resources/aws/aws_cloudtrail_trails.rb
+- lib/resources/aws/aws_cloudwatch_alarm.rb
+- lib/resources/aws/aws_cloudwatch_log_metric_filter.rb
+- lib/resources/aws/aws_config_delivery_channel.rb
+- lib/resources/aws/aws_config_recorder.rb
+- lib/resources/aws/aws_ebs_volume.rb
+- lib/resources/aws/aws_ebs_volumes.rb
+- lib/resources/aws/aws_ec2_instance.rb
+- lib/resources/aws/aws_ec2_instances.rb
+- lib/resources/aws/aws_ecs_cluster.rb
+- lib/resources/aws/aws_eks_cluster.rb
+- lib/resources/aws/aws_elb.rb
+- lib/resources/aws/aws_elbs.rb
+- lib/resources/aws/aws_flow_log.rb
+- lib/resources/aws/aws_iam_access_key.rb
+- lib/resources/aws/aws_iam_access_keys.rb
+- lib/resources/aws/aws_iam_group.rb
+- lib/resources/aws/aws_iam_groups.rb
+- lib/resources/aws/aws_iam_password_policy.rb
+- lib/resources/aws/aws_iam_policies.rb
+- lib/resources/aws/aws_iam_policy.rb
+- lib/resources/aws/aws_iam_role.rb
+- lib/resources/aws/aws_iam_root_user.rb
+- lib/resources/aws/aws_iam_user.rb
+- lib/resources/aws/aws_iam_users.rb
+- lib/resources/aws/aws_kms_key.rb
+- lib/resources/aws/aws_kms_keys.rb
+- lib/resources/aws/aws_rds_instance.rb
+- lib/resources/aws/aws_route_table.rb
+- lib/resources/aws/aws_route_tables.rb
+- lib/resources/aws/aws_s3_bucket.rb
+- lib/resources/aws/aws_s3_bucket_object.rb
+- lib/resources/aws/aws_s3_buckets.rb
+- lib/resources/aws/aws_security_group.rb
+- lib/resources/aws/aws_security_groups.rb
+- lib/resources/aws/aws_sns_subscription.rb
+- lib/resources/aws/aws_sns_topic.rb
+- lib/resources/aws/aws_sns_topics.rb
+- lib/resources/aws/aws_sqs_queue.rb
+- lib/resources/aws/aws_subnet.rb
+- lib/resources/aws/aws_subnets.rb
+- lib/resources/aws/aws_vpc.rb
+- lib/resources/aws/aws_vpcs.rb
+- lib/resources/azure/azure_backend.rb
+- lib/resources/azure/azure_generic_resource.rb
+- lib/resources/azure/azure_resource_group.rb
+- lib/resources/azure/azure_virtual_machine.rb
+- lib/resources/azure/azure_virtual_machine_data_disk.rb
+homepage: https://github.com/inspec/inspec
+licenses:
+- Apache-2.0
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - "~>"
+    - !ruby/object:Gem::Version
+      version: '2.4'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.3
+signing_key: 
+specification_version: 4
+summary: Infrastructure and compliance testing.
+test_files: []