inspec 4.3.2 → 4.6.3
- checksums.yaml +4 -4
- data/Gemfile +36 -38
- data/README.md +37 -21
- data/etc/deprecations.json +10 -0
- data/etc/plugin_filters.json +8 -0
- data/inspec.gemspec +38 -39
- data/lib/bundles/inspec-compliance/api.rb +1 -1
- data/lib/bundles/inspec-compliance/configuration.rb +1 -1
- data/lib/bundles/inspec-compliance/http.rb +1 -1
- data/lib/bundles/inspec-compliance/support.rb +1 -1
- data/lib/bundles/inspec-compliance/target.rb +1 -1
- data/lib/bundles/inspec-supermarket.rb +3 -7
- data/lib/bundles/inspec-supermarket/api.rb +10 -13
- data/lib/bundles/inspec-supermarket/cli.rb +12 -15
- data/lib/bundles/inspec-supermarket/target.rb +7 -11
- data/lib/fetchers/git.rb +14 -15
- data/lib/fetchers/local.rb +6 -10
- data/lib/fetchers/mock.rb +3 -5
- data/lib/fetchers/url.rb +42 -44
- data/lib/inspec.rb +23 -24
- data/lib/inspec/archive/tar.rb +2 -6
- data/lib/inspec/archive/zip.rb +3 -7
- data/lib/inspec/backend.rb +8 -9
- data/lib/inspec/base_cli.rb +64 -65
- data/lib/inspec/cached_fetcher.rb +2 -3
- data/lib/inspec/cli.rb +136 -97
- data/lib/inspec/config.rb +71 -61
- data/lib/inspec/control_eval_context.rb +22 -18
- data/lib/inspec/dependencies/cache.rb +2 -3
- data/lib/inspec/dependencies/dependency_set.rb +2 -3
- data/lib/inspec/dependencies/lockfile.rb +8 -9
- data/lib/inspec/dependencies/requirement.rb +7 -8
- data/lib/inspec/dependencies/resolver.rb +5 -7
- data/lib/inspec/describe.rb +2 -6
- data/lib/inspec/dist.rb +20 -0
- data/lib/inspec/dsl.rb +4 -7
- data/lib/inspec/dsl_shared.rb +1 -2
- data/lib/inspec/env_printer.rb +11 -12
- data/lib/inspec/errors.rb +0 -4
- data/lib/inspec/exceptions.rb +0 -1
- data/lib/inspec/expect.rb +5 -8
- data/lib/inspec/fetcher.rb +7 -10
- data/lib/inspec/file_provider.rb +24 -24
- data/lib/inspec/formatters.rb +3 -3
- data/lib/inspec/formatters/base.rb +8 -8
- data/lib/inspec/globals.rb +2 -2
- data/lib/inspec/impact.rb +5 -7
- data/lib/inspec/input_registry.rb +84 -33
- data/lib/inspec/library_eval_context.rb +3 -6
- data/lib/inspec/log.rb +1 -5
- data/lib/inspec/metadata.rb +17 -16
- data/lib/inspec/method_source.rb +5 -9
- data/lib/inspec/objects.rb +10 -12
- data/lib/inspec/objects/control.rb +7 -9
- data/lib/inspec/objects/describe.rb +9 -11
- data/lib/inspec/objects/each_loop.rb +1 -3
- data/lib/inspec/objects/input.rb +24 -26
- data/lib/inspec/objects/list.rb +4 -6
- data/lib/inspec/objects/or_test.rb +2 -4
- data/lib/inspec/objects/ruby_helper.rb +3 -5
- data/lib/inspec/objects/tag.rb +0 -2
- data/lib/inspec/objects/test.rb +9 -11
- data/lib/inspec/objects/value.rb +3 -5
- data/lib/inspec/plugin/v1.rb +2 -2
- data/lib/inspec/plugin/v1/plugin_types/cli.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/fetcher.rb +2 -5
- data/lib/inspec/plugin/v1/plugin_types/resource.rb +4 -6
- data/lib/inspec/plugin/v1/plugin_types/secret.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/source_reader.rb +1 -5
- data/lib/inspec/plugin/v1/plugins.rb +15 -19
- data/lib/inspec/plugin/v1/registry.rb +0 -4
- data/lib/inspec/plugin/v2.rb +8 -8
- data/lib/inspec/plugin/v2/activator.rb +1 -1
- data/lib/inspec/plugin/v2/config_file.rb +6 -6
- data/lib/inspec/plugin/v2/filter.rb +13 -13
- data/lib/inspec/plugin/v2/installer.rb +36 -24
- data/lib/inspec/plugin/v2/loader.rb +28 -28
- data/lib/inspec/plugin/v2/plugin_base.rb +15 -2
- data/lib/inspec/plugin/v2/plugin_types/cli.rb +5 -5
- data/lib/inspec/plugin/v2/plugin_types/input.rb +34 -0
- data/lib/inspec/plugin/v2/plugin_types/mock.rb +1 -1
- data/lib/inspec/plugin/v2/registry.rb +7 -7
- data/lib/inspec/polyfill.rb +0 -3
- data/lib/inspec/profile.rb +55 -63
- data/lib/inspec/profile_context.rb +27 -30
- data/lib/inspec/profile_vendor.rb +6 -9
- data/lib/inspec/reporters.rb +24 -24
- data/lib/inspec/reporters/automate.rb +17 -19
- data/lib/inspec/reporters/base.rb +1 -1
- data/lib/inspec/reporters/cli.rb +88 -91
- data/lib/inspec/reporters/json.rb +2 -4
- data/lib/inspec/reporters/json_automate.rb +1 -3
- data/lib/inspec/reporters/json_min.rb +1 -3
- data/lib/inspec/reporters/junit.rb +26 -28
- data/lib/inspec/reporters/yaml.rb +1 -3
- data/lib/inspec/require_loader.rb +0 -4
- data/lib/inspec/resource.rb +4 -125
- data/lib/inspec/resources.rb +121 -0
- data/lib/{resources → inspec/resources}/aide_conf.rb +24 -25
- data/lib/{resources → inspec/resources}/apache.rb +13 -14
- data/lib/{resources → inspec/resources}/apache_conf.rb +16 -17
- data/lib/{resources → inspec/resources}/apt.rb +17 -17
- data/lib/{resources → inspec/resources}/audit_policy.rb +7 -6
- data/lib/{resources → inspec/resources}/auditd.rb +62 -64
- data/lib/{resources → inspec/resources}/auditd_conf.rb +7 -8
- data/lib/{resources → inspec/resources}/bash.rb +6 -8
- data/lib/{resources → inspec/resources}/bond.rb +15 -14
- data/lib/{resources → inspec/resources}/bridge.rb +8 -8
- data/lib/{resources → inspec/resources}/chocolatey_package.rb +10 -8
- data/lib/{resources → inspec/resources}/command.rb +11 -10
- data/lib/{resources → inspec/resources}/cpan.rb +12 -12
- data/lib/{resources → inspec/resources}/cran.rb +9 -9
- data/lib/{resources → inspec/resources}/crontab.rb +47 -48
- data/lib/{resources → inspec/resources}/csv.rb +5 -5
- data/lib/{resources → inspec/resources}/dh_params.rb +5 -7
- data/lib/{resources → inspec/resources}/directory.rb +5 -7
- data/lib/{resources → inspec/resources}/docker.rb +63 -63
- data/lib/{resources → inspec/resources}/docker_container.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_image.rb +9 -9
- data/lib/{resources → inspec/resources}/docker_object.rb +8 -13
- data/lib/{resources → inspec/resources}/docker_plugin.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_service.rb +7 -7
- data/lib/{resources → inspec/resources}/elasticsearch.rb +40 -42
- data/lib/{resources → inspec/resources}/etc_fstab.rb +23 -24
- data/lib/{resources → inspec/resources}/etc_group.rb +26 -27
- data/lib/{resources → inspec/resources}/etc_hosts.rb +11 -13
- data/lib/{resources → inspec/resources}/etc_hosts_allow_deny.rb +25 -27
- data/lib/{resources → inspec/resources}/file.rb +80 -79
- data/lib/{resources → inspec/resources}/filesystem.rb +20 -15
- data/lib/{resources → inspec/resources}/firewalld.rb +26 -26
- data/lib/{resources → inspec/resources}/gem.rb +12 -12
- data/lib/{resources → inspec/resources}/groups.rb +28 -27
- data/lib/{resources → inspec/resources}/grub_conf.rb +46 -48
- data/lib/{resources → inspec/resources}/host.rb +31 -29
- data/lib/{resources → inspec/resources}/http.rb +24 -24
- data/lib/{resources → inspec/resources}/iis_app.rb +6 -7
- data/lib/{resources → inspec/resources}/iis_app_pool.rb +21 -19
- data/lib/{resources → inspec/resources}/iis_site.rb +17 -15
- data/lib/{resources → inspec/resources}/inetd_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/ini.rb +7 -8
- data/lib/{resources → inspec/resources}/interface.rb +30 -30
- data/lib/{resources → inspec/resources}/iptables.rb +8 -8
- data/lib/{resources → inspec/resources}/json.rb +8 -10
- data/lib/{resources → inspec/resources}/kernel_module.rb +15 -15
- data/lib/{resources → inspec/resources}/kernel_parameter.rb +8 -8
- data/lib/{resources → inspec/resources}/key_rsa.rb +8 -10
- data/lib/{resources → inspec/resources}/ksh.rb +6 -8
- data/lib/{resources → inspec/resources}/limits_conf.rb +8 -9
- data/lib/{resources/login_def.rb → inspec/resources/login_defs.rb} +9 -10
- data/lib/{resources → inspec/resources}/mount.rb +6 -8
- data/lib/{resources → inspec/resources}/mssql_session.rb +16 -18
- data/lib/inspec/resources/mysql.rb +81 -0
- data/lib/{resources → inspec/resources}/mysql_conf.rb +13 -14
- data/lib/{resources → inspec/resources}/mysql_session.rb +16 -16
- data/lib/{resources → inspec/resources}/nginx.rb +16 -17
- data/lib/{resources → inspec/resources}/nginx_conf.rb +26 -27
- data/lib/{resources → inspec/resources}/npm.rb +9 -10
- data/lib/{resources → inspec/resources}/ntp_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/oneget.rb +8 -8
- data/lib/{resources → inspec/resources}/oracledb_session.rb +33 -34
- data/lib/{resources → inspec/resources}/os.rb +6 -8
- data/lib/{resources → inspec/resources}/os_env.rb +11 -12
- data/lib/{resources → inspec/resources}/package.rb +66 -65
- data/lib/{resources → inspec/resources}/packages.rb +13 -13
- data/lib/{resources → inspec/resources}/parse_config.rb +8 -8
- data/lib/{resources → inspec/resources}/passwd.rb +18 -19
- data/lib/{resources → inspec/resources}/pip.rb +19 -19
- data/lib/{resources → inspec/resources}/platform.rb +9 -11
- data/lib/{resources → inspec/resources}/port.rb +134 -136
- data/lib/{resources → inspec/resources}/postgres.rb +40 -32
- data/lib/{resources → inspec/resources}/postgres_conf.rb +17 -17
- data/lib/{resources → inspec/resources}/postgres_hba_conf.rb +21 -23
- data/lib/{resources → inspec/resources}/postgres_ident_conf.rb +12 -14
- data/lib/{resources → inspec/resources}/postgres_session.rb +8 -9
- data/lib/{resources → inspec/resources}/powershell.rb +17 -13
- data/lib/{resources → inspec/resources}/processes.rb +29 -29
- data/lib/{resources/rabbitmq_conf.rb → inspec/resources/rabbitmq_config.rb} +10 -11
- data/lib/{resources → inspec/resources}/registry_key.rb +14 -14
- data/lib/inspec/resources/script.rb +1 -0
- data/lib/{resources → inspec/resources}/security_identifier.rb +11 -10
- data/lib/{resources → inspec/resources}/security_policy.rb +59 -58
- data/lib/{resources → inspec/resources}/service.rb +74 -75
- data/lib/{resources → inspec/resources}/shadow.rb +44 -45
- data/lib/{resources/ssh_conf.rb → inspec/resources/ssh_config.rb} +16 -17
- data/lib/{resources → inspec/resources}/ssl.rb +28 -29
- data/lib/inspec/resources/sys_info.rb +30 -0
- data/lib/{resources → inspec/resources}/toml.rb +5 -7
- data/lib/{resources → inspec/resources}/users.rb +65 -65
- data/lib/{resources → inspec/resources}/vbscript.rb +8 -9
- data/lib/{resources → inspec/resources}/virtualization.rb +60 -62
- data/lib/{resources → inspec/resources}/windows_feature.rb +9 -9
- data/lib/{resources → inspec/resources}/windows_hotfix.rb +5 -5
- data/lib/{resources → inspec/resources}/windows_task.rb +16 -15
- data/lib/{resources → inspec/resources}/wmi.rb +7 -8
- data/lib/{resources → inspec/resources}/x509_certificate.rb +9 -11
- data/lib/{resources/xinetd.rb → inspec/resources/xinetd_conf.rb} +27 -29
- data/lib/{resources → inspec/resources}/xml.rb +7 -7
- data/lib/{resources → inspec/resources}/yaml.rb +5 -6
- data/lib/{resources → inspec/resources}/yum.rb +10 -10
- data/lib/{resources → inspec/resources}/zfs_dataset.rb +6 -6
- data/lib/{resources → inspec/resources}/zfs_pool.rb +4 -4
- data/lib/inspec/rspec_extensions.rb +24 -8
- data/lib/inspec/rule.rb +14 -15
- data/lib/inspec/runner.rb +28 -28
- data/lib/inspec/runner_mock.rb +1 -5
- data/lib/inspec/runner_rspec.rb +18 -20
- data/lib/inspec/runtime_profile.rb +2 -5
- data/lib/inspec/schema.rb +142 -143
- data/lib/inspec/secrets.rb +3 -7
- data/lib/inspec/secrets/yaml.rb +3 -5
- data/lib/inspec/shell.rb +11 -15
- data/lib/inspec/shell_detector.rb +6 -7
- data/lib/inspec/source_reader.rb +4 -8
- data/lib/inspec/ui.rb +33 -39
- data/lib/inspec/ui_table_helper.rb +12 -0
- data/lib/{utils → inspec/utils}/command_wrapper.rb +4 -8
- data/lib/{utils → inspec/utils}/convert.rb +0 -4
- data/lib/{utils → inspec/utils}/database_helpers.rb +4 -8
- data/lib/inspec/utils/deprecation.rb +6 -0
- data/lib/{utils → inspec/utils}/deprecation/config_file.rb +19 -19
- data/lib/{utils → inspec/utils}/deprecation/deprecator.rb +12 -12
- data/lib/{utils → inspec/utils}/deprecation/errors.rb +1 -1
- data/lib/{utils → inspec/utils}/deprecation/global_method.rb +2 -2
- data/lib/{utils → inspec/utils}/enumerable_delegation.rb +0 -2
- data/lib/{utils → inspec/utils}/erlang_parser.rb +61 -65
- data/lib/{utils → inspec/utils}/file_reader.rb +1 -2
- data/lib/{utils → inspec/utils}/filter.rb +30 -33
- data/lib/{utils → inspec/utils}/filter_array.rb +0 -2
- data/lib/{utils → inspec/utils}/find_files.rb +9 -12
- data/lib/{utils → inspec/utils}/hash.rb +1 -5
- data/lib/inspec/utils/json_log.rb +15 -0
- data/lib/inspec/utils/latest_version.rb +13 -0
- data/lib/{utils → inspec/utils}/modulator.rb +0 -3
- data/lib/{utils → inspec/utils}/nginx_parser.rb +31 -35
- data/lib/{utils → inspec/utils}/object_traversal.rb +0 -3
- data/lib/{utils → inspec/utils}/parser.rb +45 -45
- data/lib/{utils → inspec/utils}/pkey_reader.rb +4 -2
- data/lib/{utils → inspec/utils}/simpleconfig.rb +8 -10
- data/lib/{utils → inspec/utils}/spdx.rb +1 -4
- data/lib/{utils → inspec/utils}/spdx.txt +0 -0
- data/lib/inspec/utils/telemetry.rb +3 -3
- data/lib/inspec/utils/telemetry/collector.rb +30 -9
- data/lib/inspec/utils/telemetry/data_series.rb +3 -1
- data/lib/inspec/utils/telemetry/global_methods.rb +1 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +22 -25
- data/lib/plugins/inspec-artifact/lib/inspec-artifact.rb +1 -1
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +52 -45
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/cli.rb +18 -16
- data/lib/plugins/inspec-artifact/test/functional/inspec_artifact_test.rb +12 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance.rb +1 -1
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +73 -73
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb +66 -62
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +59 -57
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/configuration.rb +11 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb +20 -22
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/support.rb +2 -4
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb +30 -27
- data/lib/plugins/inspec-compliance/test/functional/inspec_compliance_test.rb +12 -14
- data/lib/plugins/inspec-compliance/test/integration/default/cli.rb +39 -41
- data/lib/plugins/inspec-compliance/test/unit/api/login_test.rb +64 -64
- data/lib/plugins/inspec-compliance/test/unit/api_test.rb +157 -156
- data/lib/plugins/inspec-compliance/test/unit/target_test.rb +85 -85
- data/lib/plugins/inspec-habitat/Berksfile +2 -2
- data/lib/plugins/inspec-habitat/lib/inspec-habitat.rb +1 -1
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/cli.rb +15 -13
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +64 -63
- data/lib/plugins/inspec-habitat/templates/habitat/hooks/run.erb +3 -3
- data/lib/plugins/inspec-habitat/templates/habitat/plan.sh.erb +11 -11
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/Berksfile +1 -1
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/metadata.rb +8 -8
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/recipes/default.rb +17 -17
- data/lib/plugins/inspec-habitat/test/functional/inspec_habitat_test.rb +9 -8
- data/lib/plugins/inspec-habitat/test/integration/default/inspec_habitat/controls/inspec_habitat.rb +14 -14
- data/lib/plugins/inspec-habitat/test/support/example_profile/controls/example.rb +4 -4
- data/lib/plugins/inspec-habitat/test/unit/profile_test.rb +42 -41
- data/lib/plugins/inspec-init/lib/inspec-init.rb +1 -1
- data/lib/plugins/inspec-init/lib/inspec-init/cli.rb +6 -8
- data/lib/plugins/inspec-init/lib/inspec-init/cli_plugin.rb +72 -74
- data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb +9 -11
- data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb +4 -4
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/Gemfile +0 -1
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/inspec-plugin-template.gemspec +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/cli_command.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/plugin.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/version.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/functional/inspec_plugin_template_test.rb +5 -5
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/helper.rb +1 -3
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/unit/cli_args_test.rb +2 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/unit/plugin_def_test.rb +2 -2
- data/lib/plugins/inspec-init/templates/profiles/aws/controls/example.rb +10 -11
- data/lib/plugins/inspec-init/templates/profiles/azure/controls/example.rb +4 -5
- data/lib/plugins/inspec-init/templates/profiles/gcp/controls/example.rb +10 -11
- data/lib/plugins/inspec-init/templates/profiles/os/controls/example.rb +6 -7
- data/lib/plugins/inspec-init/test/functional/inspec_init_plugin_test.rb +51 -50
- data/lib/plugins/inspec-init/test/functional/inspec_init_profile_test.rb +35 -33
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli.rb +1 -2
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +72 -70
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/plugin.rb +1 -1
- data/lib/plugins/inspec-plugin-manager-cli/test/fixtures/plugins/wrong-name/lib/wrong-name.rb +1 -1
- data/lib/plugins/inspec-plugin-manager-cli/test/functional/inspec-plugin_test.rb +281 -271
- data/lib/plugins/inspec-plugin-manager-cli/test/unit/cli_args_test.rb +41 -41
- data/lib/plugins/inspec-plugin-manager-cli/test/unit/plugin_def_test.rb +25 -6
- data/lib/plugins/shared/core_plugin_test_helper.rb +43 -38
- data/lib/resource_support/aws.rb +67 -67
- data/lib/resource_support/aws/aws_plural_resource_mixin.rb +4 -1
- data/lib/resource_support/aws/aws_resource_mixin.rb +4 -3
- data/lib/resource_support/aws/aws_singular_resource_mixin.rb +4 -1
- data/lib/resources/aws/aws_billing_report.rb +15 -8
- data/lib/resources/aws/aws_billing_reports.rb +10 -7
- data/lib/resources/aws/aws_cloudtrail_trail.rb +9 -5
- data/lib/resources/aws/aws_cloudtrail_trails.rb +9 -5
- data/lib/resources/aws/aws_cloudwatch_alarm.rb +9 -5
- data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +12 -8
- data/lib/resources/aws/aws_config_delivery_channel.rb +13 -9
- data/lib/resources/aws/aws_config_recorder.rb +10 -6
- data/lib/resources/aws/aws_ebs_volume.rb +12 -8
- data/lib/resources/aws/aws_ebs_volumes.rb +9 -5
- data/lib/resources/aws/aws_ec2_instance.rb +14 -11
- data/lib/resources/aws/aws_ec2_instances.rb +9 -5
- data/lib/resources/aws/aws_ecs_cluster.rb +11 -7
- data/lib/resources/aws/aws_eks_cluster.rb +13 -9
- data/lib/resources/aws/aws_elb.rb +9 -5
- data/lib/resources/aws/aws_elbs.rb +9 -5
- data/lib/resources/aws/aws_flow_log.rb +17 -13
- data/lib/resources/aws/aws_iam_access_key.rb +15 -11
- data/lib/resources/aws/aws_iam_access_keys.rb +19 -15
- data/lib/resources/aws/aws_iam_group.rb +9 -5
- data/lib/resources/aws/aws_iam_groups.rb +9 -5
- data/lib/resources/aws/aws_iam_password_policy.rb +13 -10
- data/lib/resources/aws/aws_iam_policies.rb +9 -5
- data/lib/resources/aws/aws_iam_policy.rb +16 -12
- data/lib/resources/aws/aws_iam_role.rb +9 -5
- data/lib/resources/aws/aws_iam_root_user.rb +12 -8
- data/lib/resources/aws/aws_iam_user.rb +12 -12
- data/lib/resources/aws/aws_iam_users.rb +10 -10
- data/lib/resources/aws/aws_kms_key.rb +12 -8
- data/lib/resources/aws/aws_kms_keys.rb +9 -5
- data/lib/resources/aws/aws_rds_instance.rb +11 -8
- data/lib/resources/aws/aws_route_table.rb +11 -7
- data/lib/resources/aws/aws_route_tables.rb +10 -6
- data/lib/resources/aws/aws_s3_bucket.rb +14 -11
- data/lib/resources/aws/aws_s3_bucket_object.rb +12 -9
- data/lib/resources/aws/aws_s3_buckets.rb +9 -7
- data/lib/resources/aws/aws_security_group.rb +16 -12
- data/lib/resources/aws/aws_security_groups.rb +12 -8
- data/lib/resources/aws/aws_sns_subscription.rb +15 -11
- data/lib/resources/aws/aws_sns_topic.rb +10 -6
- data/lib/resources/aws/aws_sns_topics.rb +9 -5
- data/lib/resources/aws/aws_sqs_queue.rb +18 -14
- data/lib/resources/aws/aws_subnet.rb +11 -7
- data/lib/resources/aws/aws_subnets.rb +9 -5
- data/lib/resources/aws/aws_vpc.rb +10 -6
- data/lib/resources/aws/aws_vpcs.rb +9 -5
- data/lib/resources/azure/azure_backend.rb +20 -18
- data/lib/resources/azure/azure_generic_resource.rb +13 -15
- data/lib/resources/azure/azure_resource_group.rb +17 -19
- data/lib/resources/azure/azure_virtual_machine.rb +6 -8
- data/lib/resources/azure/azure_virtual_machine_data_disk.rb +6 -8
- data/lib/source_readers/flat.rb +6 -10
- data/lib/source_readers/inspec.rb +8 -12
- metadata +141 -142
- data/lib/resources/mysql.rb +0 -82
- data/lib/resources/sys_info.rb +0 -28
- data/lib/utils/deprecation.rb +0 -6
- data/lib/utils/json_log.rb +0 -18
- data/lib/utils/latest_version.rb +0 -22
@@ -1,3 +1,6 @@
|
|
1
|
+
require "resource_support/aws/aws_resource_mixin"
|
2
|
+
require "resource_support/aws/aws_backend_factory_mixin"
|
3
|
+
|
1
4
|
module AwsPluralResourceMixin
|
2
5
|
include AwsResourceMixin
|
3
6
|
attr_reader :table
|
@@ -16,6 +19,6 @@ module AwsPluralResourceMixin
|
|
16
19
|
extend AwsBackendFactoryMixin
|
17
20
|
end
|
18
21
|
# Name that class
|
19
|
-
base.const_set(
|
22
|
+
base.const_set("BackendFactory", resource_backend_factory_class)
|
20
23
|
end
|
21
24
|
end
|
@@ -1,6 +1,7 @@
|
|
1
1
|
module AwsResourceMixin
|
2
2
|
def initialize(resource_params = {})
|
3
|
-
Inspec.deprecate(:aws_resources_in_resource_pack,
|
3
|
+
Inspec.deprecate(:aws_resources_in_resource_pack,
|
4
|
+
"Resource '#{@__resource_name__ ||= self.class.to_s}'")
|
4
5
|
validate_params(resource_params).each do |param, value|
|
5
6
|
instance_variable_set(:"@#{param}", value)
|
6
7
|
end
|
@@ -25,7 +26,7 @@ module AwsResourceMixin
|
|
25
26
|
if value_seen.is_a?(allowed_scalar_type)
|
26
27
|
raw_params = { allowed_scalar_name => value_seen }
|
27
28
|
else
|
28
|
-
raise ArgumentError,
|
29
|
+
raise ArgumentError, "If you pass a single value to the resource, it must " \
|
29
30
|
"be a #{allowed_scalar_type}, not an #{value_seen.class}."
|
30
31
|
end
|
31
32
|
end
|
@@ -60,7 +61,7 @@ module AwsResourceMixin
|
|
60
61
|
# The AWS error here is unhelpful:
|
61
62
|
# "unable to sign request without credentials set"
|
62
63
|
Inspec::Log.error "It appears that you have not set your AWS credentials. You may set them using environment variables, or using the 'aws://region/aws_credentials_profile' target. See https://www.inspec.io/docs/reference/platforms for details."
|
63
|
-
fail_resource(
|
64
|
+
fail_resource("No AWS credentials available")
|
64
65
|
rescue Aws::Errors::ServiceError => e
|
65
66
|
fail_resource e.message
|
66
67
|
end
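Review bot: The deprecation message in `initialize` assigns an instance variable as a side effect of string interpolation: `@__resource_name__ ||= self.class.to_s` sets `@__resource_name__` whenever it is unset, which is easy to miss inside a log string. If nothing else relies on that assignment (not visible in this section), `"Resource '#{@__resource_name__ || self.class.to_s}'"` builds the same message without mutating the object. If the assignment is intentional, put it on its own line before the `Inspec.deprecate` call. The body of `initialize` continues outside the hunk.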
|
@@ -1,3 +1,6 @@
|
|
1
|
+
require "resource_support/aws/aws_resource_mixin"
|
2
|
+
require "resource_support/aws/aws_backend_factory_mixin"
|
3
|
+
|
1
4
|
module AwsSingularResourceMixin
|
2
5
|
include AwsResourceMixin
|
3
6
|
|
@@ -19,6 +22,6 @@ module AwsSingularResourceMixin
|
|
19
22
|
extend AwsBackendFactoryMixin
|
20
23
|
end
|
21
24
|
# Name that class
|
22
|
-
base.const_set(
|
25
|
+
base.const_set("BackendFactory", resource_backend_factory_class)
|
23
26
|
end
|
24
27
|
end
|
@@ -1,7 +1,14 @@
|
|
1
|
+
require "resource_support/aws/aws_singular_resource_mixin"
|
2
|
+
require "resource_support/aws/aws_backend_base"
|
3
|
+
|
4
|
+
require "resource_support/aws/aws_singular_resource_mixin"
|
5
|
+
require "resource_support/aws/aws_backend_base"
|
6
|
+
require "aws-sdk-costandusagereportservice.rb"
|
7
|
+
|
1
8
|
class AwsBillingReport < Inspec.resource(1)
|
2
|
-
name
|
3
|
-
supports platform:
|
4
|
-
desc
|
9
|
+
name "aws_billing_report"
|
10
|
+
supports platform: "aws"
|
11
|
+
desc "Verifies settings for AWS Cost and Billing Reports."
|
5
12
|
example <<~EXAMPLE
|
6
13
|
describe aws_billing_report('inspec1') do
|
7
14
|
its('report_name') { should cmp 'inspec1' }
|
@@ -23,19 +30,19 @@ class AwsBillingReport < Inspec.resource(1)
|
|
23
30
|
end
|
24
31
|
|
25
32
|
def hourly?
|
26
|
-
exists? ? time_unit.eql?(
|
33
|
+
exists? ? time_unit.eql?("hourly") : nil
|
27
34
|
end
|
28
35
|
|
29
36
|
def daily?
|
30
|
-
exists? ? time_unit.eql?(
|
37
|
+
exists? ? time_unit.eql?("daily") : nil
|
31
38
|
end
|
32
39
|
|
33
40
|
def zip?
|
34
|
-
exists? ? compression.eql?(
|
41
|
+
exists? ? compression.eql?("zip") : nil
|
35
42
|
end
|
36
43
|
|
37
44
|
def gzip?
|
38
|
-
exists? ? compression.eql?(
|
45
|
+
exists? ? compression.eql?("gzip") : nil
|
39
46
|
end
|
40
47
|
|
41
48
|
private
|
@@ -45,7 +52,7 @@ class AwsBillingReport < Inspec.resource(1)
|
|
45
52
|
raw_params: raw_params,
|
46
53
|
allowed_params: [:report_name],
|
47
54
|
allowed_scalar_name: :report_name,
|
48
|
-
allowed_scalar_type: String
|
55
|
+
allowed_scalar_type: String
|
49
56
|
)
|
50
57
|
|
51
58
|
if validated_params.empty?
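Review bot: The new require block at the top of the file lists `require "resource_support/aws/aws_singular_resource_mixin"` and `require "resource_support/aws/aws_backend_base"` twice, and loads the SDK as `require "aws-sdk-costandusagereportservice.rb"` with a `.rb` suffix. The repeated lines are redundant, and the suffix differs from the sibling plural resource on this page, which uses `require "aws-sdk-costandusagereportservice"`. Drop the second pair and the `.rb` suffix so the header matches the other AWS resources.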
|
@@ -1,9 +1,12 @@
|
|
1
|
-
require
|
1
|
+
require "inspec/utils/filter"
|
2
|
+
require "resource_support/aws/aws_plural_resource_mixin"
|
3
|
+
require "resource_support/aws/aws_backend_base"
|
4
|
+
require "aws-sdk-costandusagereportservice"
|
2
5
|
|
3
6
|
class AwsBillingReports < Inspec.resource(1)
|
4
|
-
name
|
5
|
-
supports platform:
|
6
|
-
desc
|
7
|
+
name "aws_billing_reports"
|
8
|
+
supports platform: "aws"
|
9
|
+
desc "Verifies settings for AWS Cost and Billing Reports."
|
7
10
|
example <<~EXAMPLE
|
8
11
|
describe aws_billing_reports do
|
9
12
|
its('report_names') { should include 'inspec1' }
|
@@ -32,13 +35,13 @@ class AwsBillingReports < Inspec.resource(1)
|
|
32
35
|
|
33
36
|
def validate_params(resource_params)
|
34
37
|
unless resource_params.empty?
|
35
|
-
raise ArgumentError,
|
38
|
+
raise ArgumentError, "aws_billing_reports does not accept resource parameters."
|
36
39
|
end
|
37
40
|
resource_params
|
38
41
|
end
|
39
42
|
|
40
43
|
def to_s
|
41
|
-
|
44
|
+
"AWS Billing Reports"
|
42
45
|
end
|
43
46
|
|
44
47
|
def fetch_from_api
|
@@ -49,7 +52,7 @@ class AwsBillingReports < Inspec.resource(1)
|
|
49
52
|
api_result = backend.describe_report_definitions(pagination_opts)
|
50
53
|
api_result.report_definitions.each do |raw_report|
|
51
54
|
report = raw_report.to_h
|
52
|
-
%i
|
55
|
+
%i{time_unit compression}.each { |field| report[field].downcase! }
|
53
56
|
@table << report
|
54
57
|
end
|
55
58
|
pagination_opts = { next_token: api_result.next_token }
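Review bot: In `fetch_from_api`, `%i{time_unit compression}.each { |field| report[field].downcase! }` raises `NoMethodError` if either key is missing or nil in `raw_report.to_h`, which would abort the whole listing because of one incomplete report definition. Whether the API can omit these fields is not visible here. If it can, `report[field] = report[field]&.downcase` tolerates that case and also avoids mutating the SDK's string in place. The surrounding pagination loop starts and ends outside the hunk.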
|
@@ -1,13 +1,17 @@
|
|
1
|
+
require "resource_support/aws/aws_singular_resource_mixin"
|
2
|
+
require "resource_support/aws/aws_backend_base"
|
3
|
+
require "aws-sdk-cloudtrail"
|
4
|
+
|
1
5
|
class AwsCloudTrailTrail < Inspec.resource(1)
|
2
|
-
name
|
3
|
-
desc
|
6
|
+
name "aws_cloudtrail_trail"
|
7
|
+
desc "Verifies settings for an individual AWS CloudTrail Trail"
|
4
8
|
example <<~EXAMPLE
|
5
9
|
describe aws_cloudtrail_trail('trail-name') do
|
6
10
|
it { should exist }
|
7
11
|
end
|
8
12
|
EXAMPLE
|
9
13
|
|
10
|
-
supports platform:
|
14
|
+
supports platform: "aws"
|
11
15
|
|
12
16
|
include AwsSingularResourceMixin
|
13
17
|
attr_reader :cloud_watch_logs_log_group_arn, :cloud_watch_logs_role_arn, :home_region,
|
@@ -34,7 +38,7 @@ class AwsCloudTrailTrail < Inspec.resource(1)
|
|
34
38
|
catch_aws_errors do
|
35
39
|
begin
|
36
40
|
resp = BackendFactory.create(inspec_runner).get_trail_status(query).to_h
|
37
|
-
((Time.now - resp[:latest_cloud_watch_logs_delivery_time])/(24*60*60)).to_i unless resp[:latest_cloud_watch_logs_delivery_time].nil?
|
41
|
+
((Time.now - resp[:latest_cloud_watch_logs_delivery_time]) / (24 * 60 * 60)).to_i unless resp[:latest_cloud_watch_logs_delivery_time].nil?
|
38
42
|
rescue Aws::CloudTrail::Errors::TrailNotFoundException
|
39
43
|
nil
|
40
44
|
end
|
@@ -48,7 +52,7 @@ class AwsCloudTrailTrail < Inspec.resource(1)
|
|
48
52
|
raw_params: raw_params,
|
49
53
|
allowed_params: [:trail_name],
|
50
54
|
allowed_scalar_name: :trail_name,
|
51
|
-
allowed_scalar_type: String
|
55
|
+
allowed_scalar_type: String
|
52
56
|
)
|
53
57
|
|
54
58
|
if validated_params.empty?
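Review bot: The method around `get_trail_status` returns `nil` in two different situations, when `latest_cloud_watch_logs_delivery_time` is nil and when `TrailNotFoundException` is rescued, and nothing in the hunk documents that. A control that compares the result against a day threshold cannot tell a trail that never delivered to CloudWatch Logs from a trail that does not exist, so the contract should be stated. I would add above the method: `# Returns whole days since the last CloudWatch Logs delivery, or nil if the trail was not found or has never delivered.` The method's `def` line is outside the hunk.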
|
@@ -1,18 +1,22 @@
|
|
1
|
+
require "resource_support/aws/aws_plural_resource_mixin"
|
2
|
+
require "resource_support/aws/aws_backend_base"
|
3
|
+
require "aws-sdk-cloudtrail"
|
4
|
+
|
1
5
|
class AwsCloudTrailTrails < Inspec.resource(1)
|
2
|
-
name
|
3
|
-
desc
|
6
|
+
name "aws_cloudtrail_trails"
|
7
|
+
desc "Verifies settings for AWS CloudTrail Trails in bulk"
|
4
8
|
example <<~EXAMPLE
|
5
9
|
describe aws_cloudtrail_trails do
|
6
10
|
it { should exist }
|
7
11
|
end
|
8
12
|
EXAMPLE
|
9
|
-
supports platform:
|
13
|
+
supports platform: "aws"
|
10
14
|
|
11
15
|
include AwsPluralResourceMixin
|
12
16
|
|
13
17
|
def validate_params(resource_params)
|
14
18
|
unless resource_params.empty?
|
15
|
-
raise ArgumentError,
|
19
|
+
raise ArgumentError, "aws_cloudtrail_trails does not accept resource parameters."
|
16
20
|
end
|
17
21
|
resource_params
|
18
22
|
end
|
@@ -25,7 +29,7 @@ class AwsCloudTrailTrails < Inspec.resource(1)
|
|
25
29
|
filter.install_filter_methods_on_resource(self, :table)
|
26
30
|
|
27
31
|
def to_s
|
28
|
-
|
32
|
+
"CloudTrail Trails"
|
29
33
|
end
|
30
34
|
|
31
35
|
def fetch_from_api
|
@@ -1,5 +1,9 @@
|
|
1
|
+
require "resource_support/aws/aws_singular_resource_mixin"
|
2
|
+
require "resource_support/aws/aws_backend_base"
|
3
|
+
require "aws-sdk-cloudwatch"
|
4
|
+
|
1
5
|
class AwsCloudwatchAlarm < Inspec.resource(1)
|
2
|
-
name
|
6
|
+
name "aws_cloudwatch_alarm"
|
3
7
|
desc <<~EXAMPLE
|
4
8
|
# Look for a specific alarm
|
5
9
|
aws_cloudwatch_alarm(
|
@@ -9,7 +13,7 @@ class AwsCloudwatchAlarm < Inspec.resource(1)
|
|
9
13
|
it { should exist }
|
10
14
|
end
|
11
15
|
EXAMPLE
|
12
|
-
supports platform:
|
16
|
+
supports platform: "aws"
|
13
17
|
|
14
18
|
include AwsSingularResourceMixin
|
15
19
|
attr_reader :alarm_actions, :alarm_name, :metric_name, :metric_namespace
|
@@ -19,7 +23,7 @@ class AwsCloudwatchAlarm < Inspec.resource(1)
|
|
19
23
|
def validate_params(raw_params)
|
20
24
|
recognized_params = check_resource_param_names(
|
21
25
|
raw_params: raw_params,
|
22
|
-
allowed_params: [:metric_name, :metric_namespace]
|
26
|
+
allowed_params: [:metric_name, :metric_namespace]
|
23
27
|
)
|
24
28
|
validated_params = {}
|
25
29
|
# Currently you must specify exactly metric_name and metric_namespace
|
@@ -34,13 +38,13 @@ class AwsCloudwatchAlarm < Inspec.resource(1)
|
|
34
38
|
def fetch_from_api
|
35
39
|
aws_alarms = BackendFactory.create(inspec_runner).describe_alarms_for_metric(
|
36
40
|
metric_name: @metric_name,
|
37
|
-
namespace: @metric_namespace
|
41
|
+
namespace: @metric_namespace
|
38
42
|
)
|
39
43
|
if aws_alarms.metric_alarms.empty?
|
40
44
|
@exists = false
|
41
45
|
elsif aws_alarms.metric_alarms.count > 1
|
42
46
|
alarms = aws_alarms.metric_alarms.map(&:alarm_name)
|
43
|
-
raise
|
47
|
+
raise "More than one Cloudwatch Alarm was matched. Try using " \
|
44
48
|
"more specific resource parameters. Alarms matched: #{alarms.join(', ')}"
|
45
49
|
else
|
46
50
|
@alarm_actions = aws_alarms.metric_alarms.first.alarm_actions
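Review bot: The resource registers its usage example as its description: the class calls `desc <<~EXAMPLE` directly after `name "aws_cloudwatch_alarm"`, and no `example` call is visible. The other AWS resources on this page use a one-line `desc "..."` followed by `example <<~EXAMPLE`. Since the commit already touches these header lines, I would add something like `desc "Verifies settings for an individual AWS CloudWatch Alarm"` and change the heredoc call to `example <<~EXAMPLE`. Lines 10-12 of the heredoc are not shown, so this assumes they are part of the same example text.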
|
@@ -1,6 +1,10 @@
|
|
1
|
+
require "resource_support/aws/aws_singular_resource_mixin"
|
2
|
+
require "resource_support/aws/aws_backend_base"
|
3
|
+
require "aws-sdk-cloudwatchlogs"
|
4
|
+
|
1
5
|
class AwsCloudwatchLogMetricFilter < Inspec.resource(1)
|
2
|
-
name
|
3
|
-
desc
|
6
|
+
name "aws_cloudwatch_log_metric_filter"
|
7
|
+
desc "Verifies individual Cloudwatch Log Metric Filters"
|
4
8
|
example <<~EXAMPLE
|
5
9
|
# Look for a LMF by its filter name and log group name. This combination
|
6
10
|
# will always either find at most one LMF - no duplicates.
|
@@ -20,7 +24,7 @@ class AwsCloudwatchLogMetricFilter < Inspec.resource(1)
|
|
20
24
|
it { should exist }
|
21
25
|
end
|
22
26
|
EXAMPLE
|
23
|
-
supports platform:
|
27
|
+
supports platform: "aws"
|
24
28
|
include AwsSingularResourceMixin
|
25
29
|
attr_reader :filter_name, :log_group_name, :metric_name, :metric_namespace, :pattern
|
26
30
|
|
@@ -29,10 +33,10 @@ class AwsCloudwatchLogMetricFilter < Inspec.resource(1)
|
|
29
33
|
def validate_params(raw_params)
|
30
34
|
validated_params = check_resource_param_names(
|
31
35
|
raw_params: raw_params,
|
32
|
-
allowed_params: [:filter_name, :log_group_name, :pattern]
|
36
|
+
allowed_params: [:filter_name, :log_group_name, :pattern]
|
33
37
|
)
|
34
38
|
if validated_params.empty?
|
35
|
-
raise ArgumentError,
|
39
|
+
raise ArgumentError, "You must provide either filter_name, log_group, or pattern to aws_cloudwatch_log_metric_filter."
|
36
40
|
end
|
37
41
|
validated_params
|
38
42
|
end
|
@@ -60,9 +64,9 @@ class AwsCloudwatchLogMetricFilter < Inspec.resource(1)
|
|
60
64
|
# Check result count. We're a singular resource and can tolerate
|
61
65
|
# 0 or 1 results, not multiple.
|
62
66
|
if aws_results.count > 1
|
63
|
-
raise
|
64
|
-
|
65
|
-
|
67
|
+
raise "More than one result was returned, but aws_cloudwatch_log_metric_filter "\
|
68
|
+
"can only handle a single AWS resource. Consider passing more resource "\
|
69
|
+
"parameters to narrow down the search."
|
66
70
|
elsif aws_results.empty?
|
67
71
|
@exists = false
|
68
72
|
else
|
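Review bot: The ArgumentError message in `validate_params` tells the user to pass `log_group`, but the allow-list just above it accepts `:log_group_name`. A user who follows the message would supply a name that `check_resource_param_names` presumably rejects. The message should read `"You must provide either filter_name, log_group_name, or pattern to aws_cloudwatch_log_metric_filter."`.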
@@ -1,6 +1,10 @@
|
|
1
|
+
require "resource_support/aws/aws_singular_resource_mixin"
|
2
|
+
require "resource_support/aws/aws_backend_base"
|
3
|
+
require "aws-sdk-configservice"
|
4
|
+
|
1
5
|
class AwsConfigDeliveryChannel < Inspec.resource(1)
|
2
|
-
name
|
3
|
-
desc
|
6
|
+
name "aws_config_delivery_channel"
|
7
|
+
desc "Verifies settings for AWS Config Delivery Channel"
|
4
8
|
example <<~EXAMPLE
|
5
9
|
describe aws_config_delivery_channel do
|
6
10
|
it { should exist }
|
@@ -8,7 +12,7 @@ class AwsConfigDeliveryChannel < Inspec.resource(1)
|
|
8
12
|
its('sns_topic_arn') { should eq arn:aws:sns:us-east-1:721741954427:sns_topic' }
|
9
13
|
end
|
10
14
|
EXAMPLE
|
11
|
-
supports platform:
|
15
|
+
supports platform: "aws"
|
12
16
|
|
13
17
|
include AwsSingularResourceMixin
|
14
18
|
attr_reader :channel_name, :s3_bucket_name, :s3_key_prefix, :sns_topic_arn,
|
@@ -25,7 +29,7 @@ class AwsConfigDeliveryChannel < Inspec.resource(1)
|
|
25
29
|
raw_params: raw_params,
|
26
30
|
allowed_params: [:channel_name],
|
27
31
|
allowed_scalar_name: :channel_name,
|
28
|
-
allowed_scalar_type: String
|
32
|
+
allowed_scalar_type: String
|
29
33
|
)
|
30
34
|
|
31
35
|
validated_params
|
@@ -46,11 +50,11 @@ class AwsConfigDeliveryChannel < Inspec.resource(1)
|
|
46
50
|
@sns_topic_arn = channel[:sns_topic_arn]
|
47
51
|
@delivery_frequency_in_hours = channel.dig(:config_snapshot_delivery_properties, :delivery_frequency)
|
48
52
|
frequencies = {
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
53
|
+
"One_Hour" => 1,
|
54
|
+
"TwentyFour_Hours" => 24,
|
55
|
+
"Three_Hours" => 3,
|
56
|
+
"Six_Hours" => 6,
|
57
|
+
"Twelve_Hours" => 12,
|
54
58
|
}
|
55
59
|
@delivery_frequency_in_hours = frequencies[@delivery_frequency_in_hours]
|
56
60
|
rescue Aws::ConfigService::Errors::NoSuchDeliveryChannelException
|
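Review bot: The example at new line 12 is missing the opening quote before `arn:aws:sns:...`, so the documented control is not valid Ruby when copied. It should read `its('sns_topic_arn') { should eq 'arn:aws:sns:us-east-1:123456789012:sns_topic' }`. The account id in that replacement is a constructed placeholder: the twelve-digit value currently in the example looks like a real account number, and published examples are better off without one. The line is unchanged context in this commit, and the example heredoc begins in the previous hunk.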
@@ -1,6 +1,10 @@
|
|
1
|
+
require "resource_support/aws/aws_singular_resource_mixin"
|
2
|
+
require "resource_support/aws/aws_backend_base"
|
3
|
+
require "aws-sdk-configservice"
|
4
|
+
|
1
5
|
class AwsConfigurationRecorder < Inspec.resource(1)
|
2
|
-
name
|
3
|
-
desc
|
6
|
+
name "aws_config_recorder"
|
7
|
+
desc "Verifies settings for AWS Configuration Recorder"
|
4
8
|
example <<~EXAMPLE
|
5
9
|
describe aws_config_recorder('My_Recorder') do
|
6
10
|
it { should exist }
|
@@ -9,7 +13,7 @@ class AwsConfigurationRecorder < Inspec.resource(1)
|
|
9
13
|
it { should have_include_global_resource_types }
|
10
14
|
end
|
11
15
|
EXAMPLE
|
12
|
-
supports platform:
|
16
|
+
supports platform: "aws"
|
13
17
|
|
14
18
|
include AwsSingularResourceMixin
|
15
19
|
attr_reader :role_arn, :resource_types, :recorder_name
|
@@ -47,7 +51,7 @@ class AwsConfigurationRecorder < Inspec.resource(1)
|
|
47
51
|
raw_params: raw_params,
|
48
52
|
allowed_params: [:recorder_name],
|
49
53
|
allowed_scalar_name: :recorder_name,
|
50
|
-
allowed_scalar_type: String
|
54
|
+
allowed_scalar_type: String
|
51
55
|
)
|
52
56
|
|
53
57
|
validated_params
|
@@ -62,7 +66,7 @@ class AwsConfigurationRecorder < Inspec.resource(1)
|
|
62
66
|
return unless exists?
|
63
67
|
|
64
68
|
if response.configuration_recorders.count > 1
|
65
|
-
raise ArgumentError,
|
69
|
+
raise ArgumentError, "Internal error: unexpectedly received multiple AWS Config Recorder objects from API; expected to be singleton per-region. Please file a bug report at https://github.com/chef/inspec/issues ."
|
66
70
|
end
|
67
71
|
|
68
72
|
recorder = response.configuration_recorders.first.to_h
|
@@ -73,7 +77,7 @@ class AwsConfigurationRecorder < Inspec.resource(1)
|
|
73
77
|
@resource_types = recorder[:recording_group][:resource_types]
|
74
78
|
rescue Aws::ConfigService::Errors::NoSuchConfigurationRecorderException
|
75
79
|
@exists = false
|
76
|
-
|
80
|
+
nil
|
77
81
|
end
|
78
82
|
|
79
83
|
class Backend
|
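Review bot: `recorder[:recording_group][:resource_types]` at new line 77 raises NoMethodError if the response hash has no `:recording_group` entry. The `rescue` below it handles only `NoSuchConfigurationRecorderException`, so the resource would abort instead of reporting a missing value. `@resource_types = recorder.dig(:recording_group, :resource_types)` returns nil in that case and matches the `channel.dig(...)` call in aws_config_delivery_channel. Whether the API can omit the recording group is not visible here, and the enclosing method starts outside the hunk.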
@@ -1,6 +1,10 @@
|
|
1
|
+
require "resource_support/aws/aws_singular_resource_mixin"
|
2
|
+
require "resource_support/aws/aws_backend_base"
|
3
|
+
require "aws-sdk-ec2"
|
4
|
+
|
1
5
|
class AwsEbsVolume < Inspec.resource(1)
|
2
|
-
name
|
3
|
-
desc
|
6
|
+
name "aws_ebs_volume"
|
7
|
+
desc "Verifies settings for an EBS volume"
|
4
8
|
|
5
9
|
example <<~EXAMPLE
|
6
10
|
describe aws_ebs_volume('vol-123456') do
|
@@ -13,7 +17,7 @@ class AwsEbsVolume < Inspec.resource(1)
|
|
13
17
|
its('iops') { should cmp 100 }
|
14
18
|
end
|
15
19
|
EXAMPLE
|
16
|
-
supports platform:
|
20
|
+
supports platform: "aws"
|
17
21
|
|
18
22
|
# TODO: rewrite to avoid direct injection, match other resources, use AwsSingularResourceMixin
|
19
23
|
def initialize(opts, conn = nil)
|
@@ -31,7 +35,7 @@ class AwsEbsVolume < Inspec.resource(1)
|
|
31
35
|
# The AWS error here is unhelpful:
|
32
36
|
# "unable to sign request without credentials set"
|
33
37
|
Inspec::Log.error "It appears that you have not set your AWS credentials. You may set them using environment variables, or using the 'aws://region/aws_credentials_profile' target. See https://www.inspec.io/docs/reference/platforms for details."
|
34
|
-
fail_resource(
|
38
|
+
fail_resource("No AWS credentials available")
|
35
39
|
rescue Aws::Errors::ServiceError => e
|
36
40
|
fail_resource(e.message)
|
37
41
|
end
|
@@ -55,10 +59,10 @@ class AwsEbsVolume < Inspec.resource(1)
|
|
55
59
|
first = @ec2_resource.volumes(
|
56
60
|
{
|
57
61
|
filters: [{
|
58
|
-
name:
|
62
|
+
name: "tag:Name",
|
59
63
|
values: [@opts[:name]],
|
60
64
|
}],
|
61
|
-
}
|
65
|
+
}
|
62
66
|
).first
|
63
67
|
# catch case where the volume is not known
|
64
68
|
@volume_id = first.id unless first.nil?
|
@@ -92,9 +96,9 @@ class AwsEbsVolume < Inspec.resource(1)
|
|
92
96
|
# is to use dumb things, like arrays of strings - use security_group_ids instead.
|
93
97
|
def security_groups
|
94
98
|
catch_aws_errors do
|
95
|
-
@security_groups ||= volume.security_groups.map
|
99
|
+
@security_groups ||= volume.security_groups.map do |sg|
|
96
100
|
{ id: sg.group_id, name: sg.group_name }
|
97
|
-
|
101
|
+
end
|
98
102
|
end
|
99
103
|
end
|
100
104
|
|