inspec 4.3.2 → 4.6.3

data/lib/resource_support/aws/aws_plural_resource_mixin.rb

@@ -1,3 +1,6 @@
+require "resource_support/aws/aws_resource_mixin"
+require "resource_support/aws/aws_backend_factory_mixin"
+
 module AwsPluralResourceMixin
   include AwsResourceMixin
   attr_reader :table
@@ -16,6 +19,6 @@ module AwsPluralResourceMixin
       extend AwsBackendFactoryMixin
     end
     # Name that class
-    base.const_set('BackendFactory', resource_backend_factory_class)
+    base.const_set("BackendFactory", resource_backend_factory_class)
   end
 end

data/lib/resource_support/aws/aws_resource_mixin.rb

@@ -1,6 +1,7 @@
 module AwsResourceMixin
   def initialize(resource_params = {})
-    Inspec.deprecate(:aws_resources_in_resource_pack, "Resource '#{@__resource_name__}'")
+    Inspec.deprecate(:aws_resources_in_resource_pack,
+                     "Resource '#{@__resource_name__ ||= self.class.to_s}'")
     validate_params(resource_params).each do |param, value|
       instance_variable_set(:"@#{param}", value)
     end
@@ -25,7 +26,7 @@ module AwsResourceMixin
       if value_seen.is_a?(allowed_scalar_type)
         raw_params = { allowed_scalar_name => value_seen }
       else
-        raise ArgumentError, 'If you pass a single value to the resource, it must ' \
+        raise ArgumentError, "If you pass a single value to the resource, it must " \
                              "be a #{allowed_scalar_type}, not an #{value_seen.class}."
       end
     end
@@ -60,7 +61,7 @@ module AwsResourceMixin
     # The AWS error here is unhelpful:
     # "unable to sign request without credentials set"
     Inspec::Log.error "It appears that you have not set your AWS credentials.  You may set them using environment variables, or using the 'aws://region/aws_credentials_profile' target.  See https://www.inspec.io/docs/reference/platforms for details."
-    fail_resource('No AWS credentials available')
+    fail_resource("No AWS credentials available")
   rescue Aws::Errors::ServiceError => e
     fail_resource e.message
   end

data/lib/resource_support/aws/aws_singular_resource_mixin.rb

@@ -1,3 +1,6 @@
+require "resource_support/aws/aws_resource_mixin"
+require "resource_support/aws/aws_backend_factory_mixin"
+
 module AwsSingularResourceMixin
   include AwsResourceMixin
 
@@ -19,6 +22,6 @@ module AwsSingularResourceMixin
       extend AwsBackendFactoryMixin
     end
     # Name that class
-    base.const_set('BackendFactory', resource_backend_factory_class)
+    base.const_set("BackendFactory", resource_backend_factory_class)
   end
 end

data/lib/resources/aws/aws_billing_report.rb

@@ -1,7 +1,14 @@
+require "resource_support/aws/aws_singular_resource_mixin"
+require "resource_support/aws/aws_backend_base"
+
+require "resource_support/aws/aws_singular_resource_mixin"
+require "resource_support/aws/aws_backend_base"
+require "aws-sdk-costandusagereportservice.rb"
+
 class AwsBillingReport < Inspec.resource(1)
-  name 'aws_billing_report'
-  supports platform: 'aws'
-  desc 'Verifies settings for AWS Cost and Billing Reports.'
+  name "aws_billing_report"
+  supports platform: "aws"
+  desc "Verifies settings for AWS Cost and Billing Reports."
   example <<~EXAMPLE
     describe aws_billing_report('inspec1') do
       its('report_name') { should cmp 'inspec1' }
@@ -23,19 +30,19 @@ class AwsBillingReport < Inspec.resource(1)
   end
 
   def hourly?
-    exists? ? time_unit.eql?('hourly') : nil
+    exists? ? time_unit.eql?("hourly") : nil
   end
 
   def daily?
-    exists? ? time_unit.eql?('daily') : nil
+    exists? ? time_unit.eql?("daily") : nil
   end
 
   def zip?
-    exists? ? compression.eql?('zip') : nil
+    exists? ? compression.eql?("zip") : nil
   end
 
   def gzip?
-    exists? ? compression.eql?('gzip') : nil
+    exists? ? compression.eql?("gzip") : nil
   end
 
   private
@@ -45,7 +52,7 @@ class AwsBillingReport < Inspec.resource(1)
       raw_params: raw_params,
       allowed_params: [:report_name],
       allowed_scalar_name: :report_name,
-      allowed_scalar_type: String,
+      allowed_scalar_type: String
     )
 
     if validated_params.empty?

data/lib/resources/aws/aws_billing_reports.rb

@@ -1,9 +1,12 @@
-require 'utils/filter'
+require "inspec/utils/filter"
+require "resource_support/aws/aws_plural_resource_mixin"
+require "resource_support/aws/aws_backend_base"
+require "aws-sdk-costandusagereportservice"
 
 class AwsBillingReports < Inspec.resource(1)
-  name 'aws_billing_reports'
-  supports platform: 'aws'
-  desc 'Verifies settings for AWS Cost and Billing Reports.'
+  name "aws_billing_reports"
+  supports platform: "aws"
+  desc "Verifies settings for AWS Cost and Billing Reports."
   example <<~EXAMPLE
     describe aws_billing_reports do
       its('report_names') { should include 'inspec1' }
@@ -32,13 +35,13 @@ class AwsBillingReports < Inspec.resource(1)
 
   def validate_params(resource_params)
     unless resource_params.empty?
-      raise ArgumentError, 'aws_billing_reports does not accept resource parameters.'
+      raise ArgumentError, "aws_billing_reports does not accept resource parameters."
     end
     resource_params
   end
 
   def to_s
-    'AWS Billing Reports'
+    "AWS Billing Reports"
   end
 
   def fetch_from_api
@@ -49,7 +52,7 @@ class AwsBillingReports < Inspec.resource(1)
       api_result = backend.describe_report_definitions(pagination_opts)
       api_result.report_definitions.each do |raw_report|
         report = raw_report.to_h
-        %i(time_unit compression).each { |field| report[field].downcase! }
+        %i{time_unit compression}.each { |field| report[field].downcase! }
         @table << report
       end
       pagination_opts = { next_token: api_result.next_token }

data/lib/resources/aws/aws_cloudtrail_trail.rb

@@ -1,13 +1,17 @@
+require "resource_support/aws/aws_singular_resource_mixin"
+require "resource_support/aws/aws_backend_base"
+require "aws-sdk-cloudtrail"
+
 class AwsCloudTrailTrail < Inspec.resource(1)
-  name 'aws_cloudtrail_trail'
-  desc 'Verifies settings for an individual AWS CloudTrail Trail'
+  name "aws_cloudtrail_trail"
+  desc "Verifies settings for an individual AWS CloudTrail Trail"
   example <<~EXAMPLE
     describe aws_cloudtrail_trail('trail-name') do
       it { should exist }
     end
   EXAMPLE
 
-  supports platform: 'aws'
+  supports platform: "aws"
 
   include AwsSingularResourceMixin
   attr_reader :cloud_watch_logs_log_group_arn, :cloud_watch_logs_role_arn, :home_region,
@@ -34,7 +38,7 @@ class AwsCloudTrailTrail < Inspec.resource(1)
     catch_aws_errors do
       begin
         resp = BackendFactory.create(inspec_runner).get_trail_status(query).to_h
-        ((Time.now - resp[:latest_cloud_watch_logs_delivery_time])/(24*60*60)).to_i unless resp[:latest_cloud_watch_logs_delivery_time].nil?
+        ((Time.now - resp[:latest_cloud_watch_logs_delivery_time]) / (24 * 60 * 60)).to_i unless resp[:latest_cloud_watch_logs_delivery_time].nil?
       rescue Aws::CloudTrail::Errors::TrailNotFoundException
         nil
       end
@@ -48,7 +52,7 @@ class AwsCloudTrailTrail < Inspec.resource(1)
       raw_params: raw_params,
       allowed_params: [:trail_name],
       allowed_scalar_name: :trail_name,
-      allowed_scalar_type: String,
+      allowed_scalar_type: String
     )
 
     if validated_params.empty?

data/lib/resources/aws/aws_cloudtrail_trails.rb

@@ -1,18 +1,22 @@
+require "resource_support/aws/aws_plural_resource_mixin"
+require "resource_support/aws/aws_backend_base"
+require "aws-sdk-cloudtrail"
+
 class AwsCloudTrailTrails < Inspec.resource(1)
-  name 'aws_cloudtrail_trails'
-  desc 'Verifies settings for AWS CloudTrail Trails in bulk'
+  name "aws_cloudtrail_trails"
+  desc "Verifies settings for AWS CloudTrail Trails in bulk"
   example <<~EXAMPLE
     describe aws_cloudtrail_trails do
       it { should exist }
     end
   EXAMPLE
-  supports platform: 'aws'
+  supports platform: "aws"
 
   include AwsPluralResourceMixin
 
   def validate_params(resource_params)
     unless resource_params.empty?
-      raise ArgumentError, 'aws_cloudtrail_trails does not accept resource parameters.'
+      raise ArgumentError, "aws_cloudtrail_trails does not accept resource parameters."
     end
     resource_params
   end
@@ -25,7 +29,7 @@ class AwsCloudTrailTrails < Inspec.resource(1)
   filter.install_filter_methods_on_resource(self, :table)
 
   def to_s
-    'CloudTrail Trails'
+    "CloudTrail Trails"
   end
 
   def fetch_from_api

data/lib/resources/aws/aws_cloudwatch_alarm.rb

@@ -1,5 +1,9 @@
+require "resource_support/aws/aws_singular_resource_mixin"
+require "resource_support/aws/aws_backend_base"
+require "aws-sdk-cloudwatch"
+
 class AwsCloudwatchAlarm < Inspec.resource(1)
-  name 'aws_cloudwatch_alarm'
+  name "aws_cloudwatch_alarm"
   desc <<~EXAMPLE
     # Look for a specific alarm
     aws_cloudwatch_alarm(
@@ -9,7 +13,7 @@ class AwsCloudwatchAlarm < Inspec.resource(1)
       it { should exist }
     end
   EXAMPLE
-  supports platform: 'aws'
+  supports platform: "aws"
 
   include AwsSingularResourceMixin
   attr_reader :alarm_actions, :alarm_name, :metric_name, :metric_namespace
@@ -19,7 +23,7 @@ class AwsCloudwatchAlarm < Inspec.resource(1)
   def validate_params(raw_params)
     recognized_params = check_resource_param_names(
       raw_params: raw_params,
-      allowed_params: [:metric_name, :metric_namespace],
+      allowed_params: [:metric_name, :metric_namespace]
     )
     validated_params = {}
     # Currently you must specify exactly metric_name and metric_namespace
@@ -34,13 +38,13 @@ class AwsCloudwatchAlarm < Inspec.resource(1)
   def fetch_from_api
     aws_alarms = BackendFactory.create(inspec_runner).describe_alarms_for_metric(
       metric_name: @metric_name,
-      namespace: @metric_namespace,
+      namespace: @metric_namespace
     )
     if aws_alarms.metric_alarms.empty?
       @exists = false
     elsif aws_alarms.metric_alarms.count > 1
       alarms = aws_alarms.metric_alarms.map(&:alarm_name)
-      raise 'More than one Cloudwatch Alarm was matched. Try using ' \
+      raise "More than one Cloudwatch Alarm was matched. Try using " \
         "more specific resource parameters. Alarms matched: #{alarms.join(', ')}"
     else
       @alarm_actions = aws_alarms.metric_alarms.first.alarm_actions

data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb

@@ -1,6 +1,10 @@
+require "resource_support/aws/aws_singular_resource_mixin"
+require "resource_support/aws/aws_backend_base"
+require "aws-sdk-cloudwatchlogs"
+
 class AwsCloudwatchLogMetricFilter < Inspec.resource(1)
-  name 'aws_cloudwatch_log_metric_filter'
-  desc 'Verifies individual Cloudwatch Log Metric Filters'
+  name "aws_cloudwatch_log_metric_filter"
+  desc "Verifies individual Cloudwatch Log Metric Filters"
   example <<~EXAMPLE
     # Look for a LMF by its filter name and log group name.  This combination
     # will always either find at most one LMF - no duplicates.
@@ -20,7 +24,7 @@ class AwsCloudwatchLogMetricFilter < Inspec.resource(1)
       it { should exist }
     end
   EXAMPLE
-  supports platform: 'aws'
+  supports platform: "aws"
   include AwsSingularResourceMixin
   attr_reader :filter_name, :log_group_name, :metric_name, :metric_namespace, :pattern
 
@@ -29,10 +33,10 @@ class AwsCloudwatchLogMetricFilter < Inspec.resource(1)
   def validate_params(raw_params)
     validated_params = check_resource_param_names(
       raw_params: raw_params,
-      allowed_params: [:filter_name, :log_group_name, :pattern],
+      allowed_params: [:filter_name, :log_group_name, :pattern]
     )
     if validated_params.empty?
-      raise ArgumentError, 'You must provide either filter_name, log_group, or pattern to aws_cloudwatch_log_metric_filter.'
+      raise ArgumentError, "You must provide either filter_name, log_group, or pattern to aws_cloudwatch_log_metric_filter."
     end
     validated_params
   end
@@ -60,9 +64,9 @@ class AwsCloudwatchLogMetricFilter < Inspec.resource(1)
     # Check result count.  We're a singular resource and can tolerate
     # 0 or 1 results, not multiple.
     if aws_results.count > 1
-      raise 'More than one result was returned, but aws_cloudwatch_log_metric_filter '\
-            'can only handle a single AWS resource.  Consider passing more resource '\
-            'parameters to narrow down the search.'
+      raise "More than one result was returned, but aws_cloudwatch_log_metric_filter "\
+            "can only handle a single AWS resource.  Consider passing more resource "\
+            "parameters to narrow down the search."
     elsif aws_results.empty?
       @exists = false
     else

data/lib/resources/aws/aws_config_delivery_channel.rb

@@ -1,6 +1,10 @@
+require "resource_support/aws/aws_singular_resource_mixin"
+require "resource_support/aws/aws_backend_base"
+require "aws-sdk-configservice"
+
 class AwsConfigDeliveryChannel < Inspec.resource(1)
-  name 'aws_config_delivery_channel'
-  desc 'Verifies settings for AWS Config Delivery Channel'
+  name "aws_config_delivery_channel"
+  desc "Verifies settings for AWS Config Delivery Channel"
   example <<~EXAMPLE
     describe aws_config_delivery_channel do
       it { should exist }
@@ -8,7 +12,7 @@ class AwsConfigDeliveryChannel < Inspec.resource(1)
       its('sns_topic_arn') { should eq arn:aws:sns:us-east-1:721741954427:sns_topic' }
     end
   EXAMPLE
-  supports platform: 'aws'
+  supports platform: "aws"
 
   include AwsSingularResourceMixin
   attr_reader :channel_name, :s3_bucket_name, :s3_key_prefix, :sns_topic_arn,
@@ -25,7 +29,7 @@ class AwsConfigDeliveryChannel < Inspec.resource(1)
       raw_params: raw_params,
       allowed_params: [:channel_name],
       allowed_scalar_name: :channel_name,
-      allowed_scalar_type: String,
+      allowed_scalar_type: String
     )
 
     validated_params
@@ -46,11 +50,11 @@ class AwsConfigDeliveryChannel < Inspec.resource(1)
     @sns_topic_arn = channel[:sns_topic_arn]
     @delivery_frequency_in_hours = channel.dig(:config_snapshot_delivery_properties, :delivery_frequency)
     frequencies = {
-      'One_Hour' => 1,
-      'TwentyFour_Hours' => 24,
-      'Three_Hours' => 3,
-      'Six_Hours' => 6,
-      'Twelve_Hours' => 12,
+      "One_Hour" => 1,
+      "TwentyFour_Hours" => 24,
+      "Three_Hours" => 3,
+      "Six_Hours" => 6,
+      "Twelve_Hours" => 12,
     }
     @delivery_frequency_in_hours = frequencies[@delivery_frequency_in_hours]
   rescue Aws::ConfigService::Errors::NoSuchDeliveryChannelException

data/lib/resources/aws/aws_config_recorder.rb

@@ -1,6 +1,10 @@
+require "resource_support/aws/aws_singular_resource_mixin"
+require "resource_support/aws/aws_backend_base"
+require "aws-sdk-configservice"
+
 class AwsConfigurationRecorder < Inspec.resource(1)
-  name 'aws_config_recorder'
-  desc 'Verifies settings for AWS Configuration Recorder'
+  name "aws_config_recorder"
+  desc "Verifies settings for AWS Configuration Recorder"
   example <<~EXAMPLE
     describe aws_config_recorder('My_Recorder') do
       it { should exist }
@@ -9,7 +13,7 @@ class AwsConfigurationRecorder < Inspec.resource(1)
       it { should have_include_global_resource_types }
     end
   EXAMPLE
-  supports platform: 'aws'
+  supports platform: "aws"
 
   include AwsSingularResourceMixin
   attr_reader :role_arn, :resource_types, :recorder_name
@@ -47,7 +51,7 @@ class AwsConfigurationRecorder < Inspec.resource(1)
       raw_params: raw_params,
       allowed_params: [:recorder_name],
       allowed_scalar_name: :recorder_name,
-      allowed_scalar_type: String,
+      allowed_scalar_type: String
     )
 
     validated_params
@@ -62,7 +66,7 @@ class AwsConfigurationRecorder < Inspec.resource(1)
     return unless exists?
 
     if response.configuration_recorders.count > 1
-      raise ArgumentError, 'Internal error: unexpectedly received multiple AWS Config Recorder objects from API; expected to be singleton per-region.  Please file a bug report at https://github.com/chef/inspec/issues .'
+      raise ArgumentError, "Internal error: unexpectedly received multiple AWS Config Recorder objects from API; expected to be singleton per-region.  Please file a bug report at https://github.com/chef/inspec/issues ."
     end
 
     recorder = response.configuration_recorders.first.to_h
@@ -73,7 +77,7 @@ class AwsConfigurationRecorder < Inspec.resource(1)
     @resource_types = recorder[:recording_group][:resource_types]
   rescue Aws::ConfigService::Errors::NoSuchConfigurationRecorderException
     @exists = false
-    return
+    nil
   end
 
   class Backend

data/lib/resources/aws/aws_ebs_volume.rb

@@ -1,6 +1,10 @@
+require "resource_support/aws/aws_singular_resource_mixin"
+require "resource_support/aws/aws_backend_base"
+require "aws-sdk-ec2"
+
 class AwsEbsVolume < Inspec.resource(1)
-  name 'aws_ebs_volume'
-  desc 'Verifies settings for an EBS volume'
+  name "aws_ebs_volume"
+  desc "Verifies settings for an EBS volume"
 
   example <<~EXAMPLE
     describe aws_ebs_volume('vol-123456') do
@@ -13,7 +17,7 @@ class AwsEbsVolume < Inspec.resource(1)
       its('iops') { should cmp 100 }
     end
   EXAMPLE
-  supports platform: 'aws'
+  supports platform: "aws"
 
   # TODO: rewrite to avoid direct injection, match other resources, use AwsSingularResourceMixin
   def initialize(opts, conn = nil)
@@ -31,7 +35,7 @@ class AwsEbsVolume < Inspec.resource(1)
     # The AWS error here is unhelpful:
     # "unable to sign request without credentials set"
     Inspec::Log.error "It appears that you have not set your AWS credentials. You may set them using environment variables, or using the 'aws://region/aws_credentials_profile' target. See https://www.inspec.io/docs/reference/platforms for details."
-    fail_resource('No AWS credentials available')
+    fail_resource("No AWS credentials available")
   rescue Aws::Errors::ServiceError => e
     fail_resource(e.message)
   end
@@ -55,10 +59,10 @@ class AwsEbsVolume < Inspec.resource(1)
         first = @ec2_resource.volumes(
           {
             filters: [{
-              name: 'tag:Name',
+              name: "tag:Name",
               values: [@opts[:name]],
             }],
-          },
+          }
         ).first
         # catch case where the volume is not known
         @volume_id = first.id unless first.nil?
@@ -92,9 +96,9 @@ class AwsEbsVolume < Inspec.resource(1)
   # is to use dumb things, like arrays of strings - use security_group_ids instead.
   def security_groups
     catch_aws_errors do
-      @security_groups ||= volume.security_groups.map { |sg|
+      @security_groups ||= volume.security_groups.map do |sg|
         { id: sg.group_id, name: sg.group_name }
-      }
+      end
     end
   end