inspec 4.3.2 → 4.6.3
- checksums.yaml +4 -4
- data/Gemfile +36 -38
- data/README.md +37 -21
- data/etc/deprecations.json +10 -0
- data/etc/plugin_filters.json +8 -0
- data/inspec.gemspec +38 -39
- data/lib/bundles/inspec-compliance/api.rb +1 -1
- data/lib/bundles/inspec-compliance/configuration.rb +1 -1
- data/lib/bundles/inspec-compliance/http.rb +1 -1
- data/lib/bundles/inspec-compliance/support.rb +1 -1
- data/lib/bundles/inspec-compliance/target.rb +1 -1
- data/lib/bundles/inspec-supermarket.rb +3 -7
- data/lib/bundles/inspec-supermarket/api.rb +10 -13
- data/lib/bundles/inspec-supermarket/cli.rb +12 -15
- data/lib/bundles/inspec-supermarket/target.rb +7 -11
- data/lib/fetchers/git.rb +14 -15
- data/lib/fetchers/local.rb +6 -10
- data/lib/fetchers/mock.rb +3 -5
- data/lib/fetchers/url.rb +42 -44
- data/lib/inspec.rb +23 -24
- data/lib/inspec/archive/tar.rb +2 -6
- data/lib/inspec/archive/zip.rb +3 -7
- data/lib/inspec/backend.rb +8 -9
- data/lib/inspec/base_cli.rb +64 -65
- data/lib/inspec/cached_fetcher.rb +2 -3
- data/lib/inspec/cli.rb +136 -97
- data/lib/inspec/config.rb +71 -61
- data/lib/inspec/control_eval_context.rb +22 -18
- data/lib/inspec/dependencies/cache.rb +2 -3
- data/lib/inspec/dependencies/dependency_set.rb +2 -3
- data/lib/inspec/dependencies/lockfile.rb +8 -9
- data/lib/inspec/dependencies/requirement.rb +7 -8
- data/lib/inspec/dependencies/resolver.rb +5 -7
- data/lib/inspec/describe.rb +2 -6
- data/lib/inspec/dist.rb +20 -0
- data/lib/inspec/dsl.rb +4 -7
- data/lib/inspec/dsl_shared.rb +1 -2
- data/lib/inspec/env_printer.rb +11 -12
- data/lib/inspec/errors.rb +0 -4
- data/lib/inspec/exceptions.rb +0 -1
- data/lib/inspec/expect.rb +5 -8
- data/lib/inspec/fetcher.rb +7 -10
- data/lib/inspec/file_provider.rb +24 -24
- data/lib/inspec/formatters.rb +3 -3
- data/lib/inspec/formatters/base.rb +8 -8
- data/lib/inspec/globals.rb +2 -2
- data/lib/inspec/impact.rb +5 -7
- data/lib/inspec/input_registry.rb +84 -33
- data/lib/inspec/library_eval_context.rb +3 -6
- data/lib/inspec/log.rb +1 -5
- data/lib/inspec/metadata.rb +17 -16
- data/lib/inspec/method_source.rb +5 -9
- data/lib/inspec/objects.rb +10 -12
- data/lib/inspec/objects/control.rb +7 -9
- data/lib/inspec/objects/describe.rb +9 -11
- data/lib/inspec/objects/each_loop.rb +1 -3
- data/lib/inspec/objects/input.rb +24 -26
- data/lib/inspec/objects/list.rb +4 -6
- data/lib/inspec/objects/or_test.rb +2 -4
- data/lib/inspec/objects/ruby_helper.rb +3 -5
- data/lib/inspec/objects/tag.rb +0 -2
- data/lib/inspec/objects/test.rb +9 -11
- data/lib/inspec/objects/value.rb +3 -5
- data/lib/inspec/plugin/v1.rb +2 -2
- data/lib/inspec/plugin/v1/plugin_types/cli.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/fetcher.rb +2 -5
- data/lib/inspec/plugin/v1/plugin_types/resource.rb +4 -6
- data/lib/inspec/plugin/v1/plugin_types/secret.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/source_reader.rb +1 -5
- data/lib/inspec/plugin/v1/plugins.rb +15 -19
- data/lib/inspec/plugin/v1/registry.rb +0 -4
- data/lib/inspec/plugin/v2.rb +8 -8
- data/lib/inspec/plugin/v2/activator.rb +1 -1
- data/lib/inspec/plugin/v2/config_file.rb +6 -6
- data/lib/inspec/plugin/v2/filter.rb +13 -13
- data/lib/inspec/plugin/v2/installer.rb +36 -24
- data/lib/inspec/plugin/v2/loader.rb +28 -28
- data/lib/inspec/plugin/v2/plugin_base.rb +15 -2
- data/lib/inspec/plugin/v2/plugin_types/cli.rb +5 -5
- data/lib/inspec/plugin/v2/plugin_types/input.rb +34 -0
- data/lib/inspec/plugin/v2/plugin_types/mock.rb +1 -1
- data/lib/inspec/plugin/v2/registry.rb +7 -7
- data/lib/inspec/polyfill.rb +0 -3
- data/lib/inspec/profile.rb +55 -63
- data/lib/inspec/profile_context.rb +27 -30
- data/lib/inspec/profile_vendor.rb +6 -9
- data/lib/inspec/reporters.rb +24 -24
- data/lib/inspec/reporters/automate.rb +17 -19
- data/lib/inspec/reporters/base.rb +1 -1
- data/lib/inspec/reporters/cli.rb +88 -91
- data/lib/inspec/reporters/json.rb +2 -4
- data/lib/inspec/reporters/json_automate.rb +1 -3
- data/lib/inspec/reporters/json_min.rb +1 -3
- data/lib/inspec/reporters/junit.rb +26 -28
- data/lib/inspec/reporters/yaml.rb +1 -3
- data/lib/inspec/require_loader.rb +0 -4
- data/lib/inspec/resource.rb +4 -125
- data/lib/inspec/resources.rb +121 -0
- data/lib/{resources → inspec/resources}/aide_conf.rb +24 -25
- data/lib/{resources → inspec/resources}/apache.rb +13 -14
- data/lib/{resources → inspec/resources}/apache_conf.rb +16 -17
- data/lib/{resources → inspec/resources}/apt.rb +17 -17
- data/lib/{resources → inspec/resources}/audit_policy.rb +7 -6
- data/lib/{resources → inspec/resources}/auditd.rb +62 -64
- data/lib/{resources → inspec/resources}/auditd_conf.rb +7 -8
- data/lib/{resources → inspec/resources}/bash.rb +6 -8
- data/lib/{resources → inspec/resources}/bond.rb +15 -14
- data/lib/{resources → inspec/resources}/bridge.rb +8 -8
- data/lib/{resources → inspec/resources}/chocolatey_package.rb +10 -8
- data/lib/{resources → inspec/resources}/command.rb +11 -10
- data/lib/{resources → inspec/resources}/cpan.rb +12 -12
- data/lib/{resources → inspec/resources}/cran.rb +9 -9
- data/lib/{resources → inspec/resources}/crontab.rb +47 -48
- data/lib/{resources → inspec/resources}/csv.rb +5 -5
- data/lib/{resources → inspec/resources}/dh_params.rb +5 -7
- data/lib/{resources → inspec/resources}/directory.rb +5 -7
- data/lib/{resources → inspec/resources}/docker.rb +63 -63
- data/lib/{resources → inspec/resources}/docker_container.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_image.rb +9 -9
- data/lib/{resources → inspec/resources}/docker_object.rb +8 -13
- data/lib/{resources → inspec/resources}/docker_plugin.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_service.rb +7 -7
- data/lib/{resources → inspec/resources}/elasticsearch.rb +40 -42
- data/lib/{resources → inspec/resources}/etc_fstab.rb +23 -24
- data/lib/{resources → inspec/resources}/etc_group.rb +26 -27
- data/lib/{resources → inspec/resources}/etc_hosts.rb +11 -13
- data/lib/{resources → inspec/resources}/etc_hosts_allow_deny.rb +25 -27
- data/lib/{resources → inspec/resources}/file.rb +80 -79
- data/lib/{resources → inspec/resources}/filesystem.rb +20 -15
- data/lib/{resources → inspec/resources}/firewalld.rb +26 -26
- data/lib/{resources → inspec/resources}/gem.rb +12 -12
- data/lib/{resources → inspec/resources}/groups.rb +28 -27
- data/lib/{resources → inspec/resources}/grub_conf.rb +46 -48
- data/lib/{resources → inspec/resources}/host.rb +31 -29
- data/lib/{resources → inspec/resources}/http.rb +24 -24
- data/lib/{resources → inspec/resources}/iis_app.rb +6 -7
- data/lib/{resources → inspec/resources}/iis_app_pool.rb +21 -19
- data/lib/{resources → inspec/resources}/iis_site.rb +17 -15
- data/lib/{resources → inspec/resources}/inetd_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/ini.rb +7 -8
- data/lib/{resources → inspec/resources}/interface.rb +30 -30
- data/lib/{resources → inspec/resources}/iptables.rb +8 -8
- data/lib/{resources → inspec/resources}/json.rb +8 -10
- data/lib/{resources → inspec/resources}/kernel_module.rb +15 -15
- data/lib/{resources → inspec/resources}/kernel_parameter.rb +8 -8
- data/lib/{resources → inspec/resources}/key_rsa.rb +8 -10
- data/lib/{resources → inspec/resources}/ksh.rb +6 -8
- data/lib/{resources → inspec/resources}/limits_conf.rb +8 -9
- data/lib/{resources/login_def.rb → inspec/resources/login_defs.rb} +9 -10
- data/lib/{resources → inspec/resources}/mount.rb +6 -8
- data/lib/{resources → inspec/resources}/mssql_session.rb +16 -18
- data/lib/inspec/resources/mysql.rb +81 -0
- data/lib/{resources → inspec/resources}/mysql_conf.rb +13 -14
- data/lib/{resources → inspec/resources}/mysql_session.rb +16 -16
- data/lib/{resources → inspec/resources}/nginx.rb +16 -17
- data/lib/{resources → inspec/resources}/nginx_conf.rb +26 -27
- data/lib/{resources → inspec/resources}/npm.rb +9 -10
- data/lib/{resources → inspec/resources}/ntp_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/oneget.rb +8 -8
- data/lib/{resources → inspec/resources}/oracledb_session.rb +33 -34
- data/lib/{resources → inspec/resources}/os.rb +6 -8
- data/lib/{resources → inspec/resources}/os_env.rb +11 -12
- data/lib/{resources → inspec/resources}/package.rb +66 -65
- data/lib/{resources → inspec/resources}/packages.rb +13 -13
- data/lib/{resources → inspec/resources}/parse_config.rb +8 -8
- data/lib/{resources → inspec/resources}/passwd.rb +18 -19
- data/lib/{resources → inspec/resources}/pip.rb +19 -19
- data/lib/{resources → inspec/resources}/platform.rb +9 -11
- data/lib/{resources → inspec/resources}/port.rb +134 -136
- data/lib/{resources → inspec/resources}/postgres.rb +40 -32
- data/lib/{resources → inspec/resources}/postgres_conf.rb +17 -17
- data/lib/{resources → inspec/resources}/postgres_hba_conf.rb +21 -23
- data/lib/{resources → inspec/resources}/postgres_ident_conf.rb +12 -14
- data/lib/{resources → inspec/resources}/postgres_session.rb +8 -9
- data/lib/{resources → inspec/resources}/powershell.rb +17 -13
- data/lib/{resources → inspec/resources}/processes.rb +29 -29
- data/lib/{resources/rabbitmq_conf.rb → inspec/resources/rabbitmq_config.rb} +10 -11
- data/lib/{resources → inspec/resources}/registry_key.rb +14 -14
- data/lib/inspec/resources/script.rb +1 -0
- data/lib/{resources → inspec/resources}/security_identifier.rb +11 -10
- data/lib/{resources → inspec/resources}/security_policy.rb +59 -58
- data/lib/{resources → inspec/resources}/service.rb +74 -75
- data/lib/{resources → inspec/resources}/shadow.rb +44 -45
- data/lib/{resources/ssh_conf.rb → inspec/resources/ssh_config.rb} +16 -17
- data/lib/{resources → inspec/resources}/ssl.rb +28 -29
- data/lib/inspec/resources/sys_info.rb +30 -0
- data/lib/{resources → inspec/resources}/toml.rb +5 -7
- data/lib/{resources → inspec/resources}/users.rb +65 -65
- data/lib/{resources → inspec/resources}/vbscript.rb +8 -9
- data/lib/{resources → inspec/resources}/virtualization.rb +60 -62
- data/lib/{resources → inspec/resources}/windows_feature.rb +9 -9
- data/lib/{resources → inspec/resources}/windows_hotfix.rb +5 -5
- data/lib/{resources → inspec/resources}/windows_task.rb +16 -15
- data/lib/{resources → inspec/resources}/wmi.rb +7 -8
- data/lib/{resources → inspec/resources}/x509_certificate.rb +9 -11
- data/lib/{resources/xinetd.rb → inspec/resources/xinetd_conf.rb} +27 -29
- data/lib/{resources → inspec/resources}/xml.rb +7 -7
- data/lib/{resources → inspec/resources}/yaml.rb +5 -6
- data/lib/{resources → inspec/resources}/yum.rb +10 -10
- data/lib/{resources → inspec/resources}/zfs_dataset.rb +6 -6
- data/lib/{resources → inspec/resources}/zfs_pool.rb +4 -4
- data/lib/inspec/rspec_extensions.rb +24 -8
- data/lib/inspec/rule.rb +14 -15
- data/lib/inspec/runner.rb +28 -28
- data/lib/inspec/runner_mock.rb +1 -5
- data/lib/inspec/runner_rspec.rb +18 -20
- data/lib/inspec/runtime_profile.rb +2 -5
- data/lib/inspec/schema.rb +142 -143
- data/lib/inspec/secrets.rb +3 -7
- data/lib/inspec/secrets/yaml.rb +3 -5
- data/lib/inspec/shell.rb +11 -15
- data/lib/inspec/shell_detector.rb +6 -7
- data/lib/inspec/source_reader.rb +4 -8
- data/lib/inspec/ui.rb +33 -39
- data/lib/inspec/ui_table_helper.rb +12 -0
- data/lib/{utils → inspec/utils}/command_wrapper.rb +4 -8
- data/lib/{utils → inspec/utils}/convert.rb +0 -4
- data/lib/{utils → inspec/utils}/database_helpers.rb +4 -8
- data/lib/inspec/utils/deprecation.rb +6 -0
- data/lib/{utils → inspec/utils}/deprecation/config_file.rb +19 -19
- data/lib/{utils → inspec/utils}/deprecation/deprecator.rb +12 -12
- data/lib/{utils → inspec/utils}/deprecation/errors.rb +1 -1
- data/lib/{utils → inspec/utils}/deprecation/global_method.rb +2 -2
- data/lib/{utils → inspec/utils}/enumerable_delegation.rb +0 -2
- data/lib/{utils → inspec/utils}/erlang_parser.rb +61 -65
- data/lib/{utils → inspec/utils}/file_reader.rb +1 -2
- data/lib/{utils → inspec/utils}/filter.rb +30 -33
- data/lib/{utils → inspec/utils}/filter_array.rb +0 -2
- data/lib/{utils → inspec/utils}/find_files.rb +9 -12
- data/lib/{utils → inspec/utils}/hash.rb +1 -5
- data/lib/inspec/utils/json_log.rb +15 -0
- data/lib/inspec/utils/latest_version.rb +13 -0
- data/lib/{utils → inspec/utils}/modulator.rb +0 -3
- data/lib/{utils → inspec/utils}/nginx_parser.rb +31 -35
- data/lib/{utils → inspec/utils}/object_traversal.rb +0 -3
- data/lib/{utils → inspec/utils}/parser.rb +45 -45
- data/lib/{utils → inspec/utils}/pkey_reader.rb +4 -2
- data/lib/{utils → inspec/utils}/simpleconfig.rb +8 -10
- data/lib/{utils → inspec/utils}/spdx.rb +1 -4
- data/lib/{utils → inspec/utils}/spdx.txt +0 -0
- data/lib/inspec/utils/telemetry.rb +3 -3
- data/lib/inspec/utils/telemetry/collector.rb +30 -9
- data/lib/inspec/utils/telemetry/data_series.rb +3 -1
- data/lib/inspec/utils/telemetry/global_methods.rb +1 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +22 -25
- data/lib/plugins/inspec-artifact/lib/inspec-artifact.rb +1 -1
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +52 -45
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/cli.rb +18 -16
- data/lib/plugins/inspec-artifact/test/functional/inspec_artifact_test.rb +12 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance.rb +1 -1
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +73 -73
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb +66 -62
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +59 -57
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/configuration.rb +11 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb +20 -22
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/support.rb +2 -4
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb +30 -27
- data/lib/plugins/inspec-compliance/test/functional/inspec_compliance_test.rb +12 -14
- data/lib/plugins/inspec-compliance/test/integration/default/cli.rb +39 -41
- data/lib/plugins/inspec-compliance/test/unit/api/login_test.rb +64 -64
- data/lib/plugins/inspec-compliance/test/unit/api_test.rb +157 -156
- data/lib/plugins/inspec-compliance/test/unit/target_test.rb +85 -85
- data/lib/plugins/inspec-habitat/Berksfile +2 -2
- data/lib/plugins/inspec-habitat/lib/inspec-habitat.rb +1 -1
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/cli.rb +15 -13
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +64 -63
- data/lib/plugins/inspec-habitat/templates/habitat/hooks/run.erb +3 -3
- data/lib/plugins/inspec-habitat/templates/habitat/plan.sh.erb +11 -11
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/Berksfile +1 -1
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/metadata.rb +8 -8
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/recipes/default.rb +17 -17
- data/lib/plugins/inspec-habitat/test/functional/inspec_habitat_test.rb +9 -8
- data/lib/plugins/inspec-habitat/test/integration/default/inspec_habitat/controls/inspec_habitat.rb +14 -14
- data/lib/plugins/inspec-habitat/test/support/example_profile/controls/example.rb +4 -4
- data/lib/plugins/inspec-habitat/test/unit/profile_test.rb +42 -41
- data/lib/plugins/inspec-init/lib/inspec-init.rb +1 -1
- data/lib/plugins/inspec-init/lib/inspec-init/cli.rb +6 -8
- data/lib/plugins/inspec-init/lib/inspec-init/cli_plugin.rb +72 -74
- data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb +9 -11
- data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb +4 -4
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/Gemfile +0 -1
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/inspec-plugin-template.gemspec +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/cli_command.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/plugin.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/version.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/functional/inspec_plugin_template_test.rb +5 -5
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/helper.rb +1 -3
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/unit/cli_args_test.rb +2 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/unit/plugin_def_test.rb +2 -2
- data/lib/plugins/inspec-init/templates/profiles/aws/controls/example.rb +10 -11
- data/lib/plugins/inspec-init/templates/profiles/azure/controls/example.rb +4 -5
- data/lib/plugins/inspec-init/templates/profiles/gcp/controls/example.rb +10 -11
- data/lib/plugins/inspec-init/templates/profiles/os/controls/example.rb +6 -7
- data/lib/plugins/inspec-init/test/functional/inspec_init_plugin_test.rb +51 -50
- data/lib/plugins/inspec-init/test/functional/inspec_init_profile_test.rb +35 -33
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli.rb +1 -2
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +72 -70
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/plugin.rb +1 -1
- data/lib/plugins/inspec-plugin-manager-cli/test/fixtures/plugins/wrong-name/lib/wrong-name.rb +1 -1
- data/lib/plugins/inspec-plugin-manager-cli/test/functional/inspec-plugin_test.rb +281 -271
- data/lib/plugins/inspec-plugin-manager-cli/test/unit/cli_args_test.rb +41 -41
- data/lib/plugins/inspec-plugin-manager-cli/test/unit/plugin_def_test.rb +25 -6
- data/lib/plugins/shared/core_plugin_test_helper.rb +43 -38
- data/lib/resource_support/aws.rb +67 -67
- data/lib/resource_support/aws/aws_plural_resource_mixin.rb +4 -1
- data/lib/resource_support/aws/aws_resource_mixin.rb +4 -3
- data/lib/resource_support/aws/aws_singular_resource_mixin.rb +4 -1
- data/lib/resources/aws/aws_billing_report.rb +15 -8
- data/lib/resources/aws/aws_billing_reports.rb +10 -7
- data/lib/resources/aws/aws_cloudtrail_trail.rb +9 -5
- data/lib/resources/aws/aws_cloudtrail_trails.rb +9 -5
- data/lib/resources/aws/aws_cloudwatch_alarm.rb +9 -5
- data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +12 -8
- data/lib/resources/aws/aws_config_delivery_channel.rb +13 -9
- data/lib/resources/aws/aws_config_recorder.rb +10 -6
- data/lib/resources/aws/aws_ebs_volume.rb +12 -8
- data/lib/resources/aws/aws_ebs_volumes.rb +9 -5
- data/lib/resources/aws/aws_ec2_instance.rb +14 -11
- data/lib/resources/aws/aws_ec2_instances.rb +9 -5
- data/lib/resources/aws/aws_ecs_cluster.rb +11 -7
- data/lib/resources/aws/aws_eks_cluster.rb +13 -9
- data/lib/resources/aws/aws_elb.rb +9 -5
- data/lib/resources/aws/aws_elbs.rb +9 -5
- data/lib/resources/aws/aws_flow_log.rb +17 -13
- data/lib/resources/aws/aws_iam_access_key.rb +15 -11
- data/lib/resources/aws/aws_iam_access_keys.rb +19 -15
- data/lib/resources/aws/aws_iam_group.rb +9 -5
- data/lib/resources/aws/aws_iam_groups.rb +9 -5
- data/lib/resources/aws/aws_iam_password_policy.rb +13 -10
- data/lib/resources/aws/aws_iam_policies.rb +9 -5
- data/lib/resources/aws/aws_iam_policy.rb +16 -12
- data/lib/resources/aws/aws_iam_role.rb +9 -5
- data/lib/resources/aws/aws_iam_root_user.rb +12 -8
- data/lib/resources/aws/aws_iam_user.rb +12 -12
- data/lib/resources/aws/aws_iam_users.rb +10 -10
- data/lib/resources/aws/aws_kms_key.rb +12 -8
- data/lib/resources/aws/aws_kms_keys.rb +9 -5
- data/lib/resources/aws/aws_rds_instance.rb +11 -8
- data/lib/resources/aws/aws_route_table.rb +11 -7
- data/lib/resources/aws/aws_route_tables.rb +10 -6
- data/lib/resources/aws/aws_s3_bucket.rb +14 -11
- data/lib/resources/aws/aws_s3_bucket_object.rb +12 -9
- data/lib/resources/aws/aws_s3_buckets.rb +9 -7
- data/lib/resources/aws/aws_security_group.rb +16 -12
- data/lib/resources/aws/aws_security_groups.rb +12 -8
- data/lib/resources/aws/aws_sns_subscription.rb +15 -11
- data/lib/resources/aws/aws_sns_topic.rb +10 -6
- data/lib/resources/aws/aws_sns_topics.rb +9 -5
- data/lib/resources/aws/aws_sqs_queue.rb +18 -14
- data/lib/resources/aws/aws_subnet.rb +11 -7
- data/lib/resources/aws/aws_subnets.rb +9 -5
- data/lib/resources/aws/aws_vpc.rb +10 -6
- data/lib/resources/aws/aws_vpcs.rb +9 -5
- data/lib/resources/azure/azure_backend.rb +20 -18
- data/lib/resources/azure/azure_generic_resource.rb +13 -15
- data/lib/resources/azure/azure_resource_group.rb +17 -19
- data/lib/resources/azure/azure_virtual_machine.rb +6 -8
- data/lib/resources/azure/azure_virtual_machine_data_disk.rb +6 -8
- data/lib/source_readers/flat.rb +6 -10
- data/lib/source_readers/inspec.rb +8 -12
- metadata +141 -142
- data/lib/resources/mysql.rb +0 -82
- data/lib/resources/sys_info.rb +0 -28
- data/lib/utils/deprecation.rb +0 -6
- data/lib/utils/json_log.rb +0 -18
- data/lib/utils/latest_version.rb +0 -22
@@ -1,17 +1,21 @@
|
|
1
|
+
require "resource_support/aws/aws_plural_resource_mixin"
|
2
|
+
require "resource_support/aws/aws_backend_base"
|
3
|
+
require "aws-sdk-kms"
|
4
|
+
|
1
5
|
class AwsKmsKeys < Inspec.resource(1)
|
2
|
-
name
|
3
|
-
desc
|
6
|
+
name "aws_kms_keys"
|
7
|
+
desc "Verifies settings for AWS KMS Keys in bulk"
|
4
8
|
example <<~EXAMPLE
|
5
9
|
describe aws_kms_keys do
|
6
10
|
it { should exist }
|
7
11
|
end
|
8
12
|
EXAMPLE
|
9
|
-
supports platform:
|
13
|
+
supports platform: "aws"
|
10
14
|
|
11
15
|
include AwsPluralResourceMixin
|
12
16
|
def validate_params(resource_params)
|
13
17
|
unless resource_params.empty?
|
14
|
-
raise ArgumentError,
|
18
|
+
raise ArgumentError, "aws_kms_keys does not accept resource parameters."
|
15
19
|
end
|
16
20
|
resource_params
|
17
21
|
end
|
@@ -24,7 +28,7 @@ class AwsKmsKeys < Inspec.resource(1)
|
|
24
28
|
filter.install_filter_methods_on_resource(self, :table)
|
25
29
|
|
26
30
|
def to_s
|
27
|
-
|
31
|
+
"KMS Keys"
|
28
32
|
end
|
29
33
|
|
30
34
|
def fetch_from_api
|
@@ -1,13 +1,16 @@
|
|
1
|
-
|
1
|
+
require "resource_support/aws/aws_singular_resource_mixin"
|
2
|
+
require "resource_support/aws/aws_backend_base"
|
3
|
+
require "aws-sdk-rds"
|
4
|
+
|
2
5
|
class AwsRdsInstance < Inspec.resource(1)
|
3
|
-
name
|
4
|
-
desc
|
6
|
+
name "aws_rds_instance"
|
7
|
+
desc "Verifies settings for an rds instance"
|
5
8
|
example <<~EXAMPLE
|
6
9
|
describe aws_rds_instance(db_instance_identifier: 'test-instance-id') do
|
7
10
|
it { should exist }
|
8
11
|
end
|
9
12
|
EXAMPLE
|
10
|
-
supports platform:
|
13
|
+
supports platform: "aws"
|
11
14
|
|
12
15
|
include AwsSingularResourceMixin
|
13
16
|
attr_reader :db_instance_identifier
|
@@ -23,14 +26,14 @@ class AwsRdsInstance < Inspec.resource(1)
|
|
23
26
|
raw_params: raw_params,
|
24
27
|
allowed_params: [:db_instance_identifier],
|
25
28
|
allowed_scalar_name: :db_instance_identifier,
|
26
|
-
allowed_scalar_type: String
|
29
|
+
allowed_scalar_type: String
|
27
30
|
)
|
28
|
-
if validated_params.empty?
|
29
|
-
raise ArgumentError,
|
31
|
+
if validated_params.empty? || !validated_params.key?(:db_instance_identifier)
|
32
|
+
raise ArgumentError, "You must provide an id for the aws_rds_instance."
|
30
33
|
end
|
31
34
|
|
32
35
|
if validated_params.key?(:db_instance_identifier) && validated_params[:db_instance_identifier] !~ /^[a-z]{1}[0-9a-z\-]{0,62}$/
|
33
|
-
raise ArgumentError,
|
36
|
+
raise ArgumentError, "aws_rds_instance Database Instance ID must be in the format: start with a letter followed by up to 62 letters/numbers/hyphens."
|
34
37
|
end
|
35
38
|
|
36
39
|
validated_params
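Review bot: The identifier check kept as context in the second hunk, `!~ /^[a-z]{1}[0-9a-z\-]{0,62}$/`, anchors with `^` and `$`, which in Ruby match at line boundaries, so a multi-line string containing one conforming line passes validation. Anchor the whole string instead: `!~ /\A[a-z][0-9a-z\-]{0,62}\z/`. In the rewritten guard above it, `validated_params.empty? ||` is redundant, because an empty hash already fails `key?(:db_instance_identifier)`. The enclosing method starts outside the hunk.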
|
@@ -1,12 +1,16 @@
|
|
1
|
+
require "resource_support/aws/aws_singular_resource_mixin"
|
2
|
+
require "resource_support/aws/aws_backend_base"
|
3
|
+
require "aws-sdk-ec2"
|
4
|
+
|
1
5
|
class AwsRouteTable < Inspec.resource(1)
|
2
|
-
name
|
3
|
-
desc
|
6
|
+
name "aws_route_table"
|
7
|
+
desc "Verifies settings for an AWS Route Table"
|
4
8
|
example <<~EXAMPLE
|
5
9
|
describe aws_route_table do
|
6
10
|
its('route_table_id') { should cmp 'rtb-05462d2278326a79c' }
|
7
11
|
end
|
8
12
|
EXAMPLE
|
9
|
-
supports platform:
|
13
|
+
supports platform: "aws"
|
10
14
|
|
11
15
|
include AwsSingularResourceMixin
|
12
16
|
|
@@ -23,13 +27,13 @@ class AwsRouteTable < Inspec.resource(1)
|
|
23
27
|
raw_params: raw_params,
|
24
28
|
allowed_params: [:route_table_id],
|
25
29
|
allowed_scalar_name: :route_table_id,
|
26
|
-
allowed_scalar_type: String
|
30
|
+
allowed_scalar_type: String
|
27
31
|
)
|
28
32
|
|
29
33
|
if validated_params.key?(:route_table_id) &&
|
30
|
-
|
34
|
+
validated_params[:route_table_id] !~ /^rtb\-([0-9a-f]{17})|(^rtb\-[0-9a-f]{8})$/
|
31
35
|
raise ArgumentError,
|
32
|
-
|
36
|
+
"aws_route_table Route Table ID must be in the" \
|
33
37
|
' format "rtb-" followed by 8 or 17 hexadecimal characters.'
|
34
38
|
end
|
35
39
|
|
@@ -42,7 +46,7 @@ class AwsRouteTable < Inspec.resource(1)
|
|
42
46
|
if @route_table_id.nil?
|
43
47
|
args = nil
|
44
48
|
else
|
45
|
-
args = { filters: [{ name:
|
49
|
+
args = { filters: [{ name: "route-table-id", values: [@route_table_id] }] }
|
46
50
|
end
|
47
51
|
|
48
52
|
resp = backend.describe_route_tables(args)
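Review bot: The route table ID pattern on the new side of the second hunk, `/^rtb\-([0-9a-f]{17})|(^rtb\-[0-9a-f]{8})$/`, does not enforce what the error message promises. Alternation binds loosest, so the 17-character branch has no end anchor and accepts any trailing text, and `^`/`$` match per line rather than per string. A single grouped, string-anchored pattern closes both gaps: `validated_params[:route_table_id] !~ /\Artb-(?:[0-9a-f]{8}|[0-9a-f]{17})\z/`. The third hunk passes `@route_table_id` to `describe_route_tables` as a filter value, presumably the same parameter, so the loose check lets malformed IDs reach the API call. The enclosing method begins outside the hunk.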
|
@@ -1,12 +1,16 @@
|
|
1
|
+
require "resource_support/aws/aws_plural_resource_mixin"
|
2
|
+
require "resource_support/aws/aws_backend_base"
|
3
|
+
require "aws-sdk-ec2"
|
4
|
+
|
1
5
|
class AwsRouteTables < Inspec.resource(1)
|
2
|
-
name
|
3
|
-
desc
|
6
|
+
name "aws_route_tables"
|
7
|
+
desc "Verifies settings for AWS Route Tables in bulk"
|
4
8
|
example <<~EXAMPLE
|
5
9
|
describe aws_route_tables do
|
6
10
|
it { should exist }
|
7
11
|
end
|
8
12
|
EXAMPLE
|
9
|
-
supports platform:
|
13
|
+
supports platform: "aws"
|
10
14
|
|
11
15
|
include AwsPluralResourceMixin
|
12
16
|
# Underlying FilterTable implementation.
|
@@ -21,20 +25,20 @@ class AwsRouteTables < Inspec.resource(1)
|
|
21
25
|
end
|
22
26
|
|
23
27
|
def to_s
|
24
|
-
|
28
|
+
"Route Tables"
|
25
29
|
end
|
26
30
|
|
27
31
|
private
|
28
32
|
|
29
33
|
def validate_params(raw_criteria)
|
30
34
|
unless raw_criteria.is_a? Hash
|
31
|
-
raise
|
35
|
+
raise "Unrecognized criteria for fetching Route Tables. " \
|
32
36
|
"Use 'criteria: value' format."
|
33
37
|
end
|
34
38
|
|
35
39
|
# No criteria yet
|
36
40
|
unless raw_criteria.empty?
|
37
|
-
raise ArgumentError,
|
41
|
+
raise ArgumentError, "aws_route_tables does not currently accept resource parameters."
|
38
42
|
end
|
39
43
|
raw_criteria
|
40
44
|
end
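Review bot: In `validate_params` the non-Hash branch uses a bare `raise "Unrecognized criteria for fetching Route Tables. " \`, which raises RuntimeError, while the check directly below it raises ArgumentError. A caller that rescues ArgumentError for bad resource parameters would miss the first case. Consider `raise ArgumentError, "Unrecognized criteria for fetching Route Tables. " \` so both rejections share one class, unless something is known to depend on RuntimeError here.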
|
@@ -1,13 +1,16 @@
|
|
1
|
-
|
1
|
+
require "resource_support/aws/aws_singular_resource_mixin"
|
2
|
+
require "resource_support/aws/aws_backend_base"
|
3
|
+
require "aws-sdk-s3"
|
4
|
+
|
2
5
|
class AwsS3Bucket < Inspec.resource(1)
|
3
|
-
name
|
4
|
-
desc
|
6
|
+
name "aws_s3_bucket"
|
7
|
+
desc "Verifies settings for a s3 bucket"
|
5
8
|
example <<~EXAMPLE
|
6
9
|
describe aws_s3_bucket(bucket_name: 'test_bucket') do
|
7
10
|
it { should exist }
|
8
11
|
end
|
9
12
|
EXAMPLE
|
10
|
-
supports platform:
|
13
|
+
supports platform: "aws"
|
11
14
|
|
12
15
|
include AwsSingularResourceMixin
|
13
16
|
attr_reader :bucket_name, :has_default_encryption_enabled, :has_access_logging_enabled, :region
|
@@ -30,9 +33,9 @@ class AwsS3Bucket < Inspec.resource(1)
|
|
30
33
|
def public?
|
31
34
|
# first line just for formatting
|
32
35
|
false || \
|
33
|
-
bucket_acl.any? { |g| g.grantee.type ==
|
34
|
-
bucket_acl.any? { |g| g.grantee.type ==
|
35
|
-
bucket_policy.any? { |s| s.effect ==
|
36
|
+
bucket_acl.any? { |g| g.grantee.type == "Group" && g.grantee.uri =~ /AllUsers/ } || \
|
37
|
+
bucket_acl.any? { |g| g.grantee.type == "Group" && g.grantee.uri =~ /AuthenticatedUsers/ } || \
|
38
|
+
bucket_policy.any? { |s| s.effect == "Allow" && s.principal == "*" }
|
36
39
|
end
|
37
40
|
|
38
41
|
def has_default_encryption_enabled?
|
@@ -54,10 +57,10 @@ class AwsS3Bucket < Inspec.resource(1)
|
|
54
57
|
raw_params: raw_params,
|
55
58
|
allowed_params: [:bucket_name],
|
56
59
|
allowed_scalar_name: :bucket_name,
|
57
|
-
allowed_scalar_type: String
|
60
|
+
allowed_scalar_type: String
|
58
61
|
)
|
59
|
-
if validated_params.empty?
|
60
|
-
raise ArgumentError,
|
62
|
+
if validated_params.empty? || !validated_params.key?(:bucket_name)
|
63
|
+
raise ArgumentError, "You must provide a bucket_name to aws_s3_bucket."
|
61
64
|
end
|
62
65
|
|
63
66
|
validated_params
|
@@ -83,7 +86,7 @@ class AwsS3Bucket < Inspec.resource(1)
|
|
83
86
|
begin
|
84
87
|
# AWS SDK returns a StringIO, we have to read()
|
85
88
|
raw_policy = backend.get_bucket_policy(bucket: bucket_name).policy
|
86
|
-
return JSON.parse(raw_policy.read)[
|
89
|
+
return JSON.parse(raw_policy.read)["Statement"].map do |statement|
|
87
90
|
lowercase_hash = {}
|
88
91
|
statement.each_key { |k| lowercase_hash[k.downcase] = statement[k] }
|
89
92
|
@bucket_policy = OpenStruct.new(lowercase_hash)
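Review bot: In `public?` the policy test `s.effect == "Allow" && s.principal == "*"` only matches a principal written as the bare string. The statements come from `JSON.parse` in the last hunk and only their top-level keys are lowercased, so a principal given as an object such as `{"AWS": "*"}` arrives as a Hash and is not reported as public. Widening the comparison, for example `s.effect == "Allow" && (s.principal == "*" || (s.principal.is_a?(Hash) && Array(s.principal["AWS"]).include?("*")))`, avoids that false negative in a compliance check. A comment that statement conditions are not evaluated would also make clear the result is a heuristic. The method that builds the policy list continues past the end of the last hunk.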
|
@@ -1,14 +1,17 @@
|
|
1
|
-
|
1
|
+
require "resource_support/aws/aws_singular_resource_mixin"
|
2
|
+
require "resource_support/aws/aws_backend_base"
|
3
|
+
require "aws-sdk-s3"
|
4
|
+
|
2
5
|
class AwsS3BucketObject < Inspec.resource(1)
|
3
|
-
name
|
4
|
-
desc
|
6
|
+
name "aws_s3_bucket_object"
|
7
|
+
desc "Verifies settings for a s3 bucket object"
|
5
8
|
example <<~EXAMPLE
|
6
9
|
describe aws_s3_bucket_object(bucket_name: 'bucket_name', key: 'file_name') do
|
7
10
|
it { should exist }
|
8
11
|
it { should_not be_public }
|
9
12
|
end
|
10
13
|
EXAMPLE
|
11
|
-
supports platform:
|
14
|
+
supports platform: "aws"
|
12
15
|
|
13
16
|
include AwsSingularResourceMixin
|
14
17
|
attr_reader :bucket_name, :key
|
@@ -30,8 +33,8 @@ class AwsS3BucketObject < Inspec.resource(1)
|
|
30
33
|
def public?
|
31
34
|
# first line just for formatting
|
32
35
|
false || \
|
33
|
-
object_acl.any? { |g| g.grantee.type ==
|
34
|
-
object_acl.any? { |g| g.grantee.type ==
|
36
|
+
object_acl.any? { |g| g.grantee.type == "Group" && g.grantee.uri =~ /AllUsers/ } || \
|
37
|
+
object_acl.any? { |g| g.grantee.type == "Group" && g.grantee.uri =~ /AuthenticatedUsers/ }
|
35
38
|
end
|
36
39
|
|
37
40
|
private
|
@@ -39,10 +42,10 @@ class AwsS3BucketObject < Inspec.resource(1)
|
|
39
42
|
def validate_params(raw_params)
|
40
43
|
validated_params = check_resource_param_names(
|
41
44
|
raw_params: raw_params,
|
42
|
-
allowed_params: [:bucket_name, :key, :id]
|
45
|
+
allowed_params: [:bucket_name, :key, :id]
|
43
46
|
)
|
44
|
-
if validated_params.empty?
|
45
|
-
raise ArgumentError,
|
47
|
+
if validated_params.empty? || !validated_params.key?(:bucket_name) || !validated_params.key?(:key)
|
48
|
+
raise ArgumentError, "You must provide a bucket_name and key to aws_s3_bucket_object."
|
46
49
|
end
|
47
50
|
validated_params
|
48
51
|
end
|
@@ -1,14 +1,16 @@
|
|
1
|
-
|
2
|
-
|
1
|
+
require "resource_support/aws/aws_plural_resource_mixin"
|
2
|
+
require "resource_support/aws/aws_backend_base"
|
3
|
+
require "aws-sdk-s3"
|
4
|
+
|
3
5
|
class AwsS3Buckets < Inspec.resource(1)
|
4
|
-
name
|
5
|
-
desc
|
6
|
+
name "aws_s3_buckets"
|
7
|
+
desc "Verifies settings for AWS S3 Buckets in bulk"
|
6
8
|
example <<~EXAMPLE
|
7
9
|
describe aws_s3_bucket do
|
8
10
|
its('bucket_names') { should eq ['my_bucket'] }
|
9
11
|
end
|
10
12
|
EXAMPLE
|
11
|
-
supports platform:
|
13
|
+
supports platform: "aws"
|
12
14
|
|
13
15
|
include AwsPluralResourceMixin
|
14
16
|
|
@@ -19,12 +21,12 @@ class AwsS3Buckets < Inspec.resource(1)
|
|
19
21
|
filter.install_filter_methods_on_resource(self, :table)
|
20
22
|
|
21
23
|
def to_s
|
22
|
-
|
24
|
+
"S3 Buckets"
|
23
25
|
end
|
24
26
|
|
25
27
|
def validate_params(resource_params)
|
26
28
|
unless resource_params.empty?
|
27
|
-
raise ArgumentError,
|
29
|
+
raise ArgumentError, "aws_s3_buckets does not accept resource parameters."
|
28
30
|
end
|
29
31
|
resource_params
|
30
32
|
end
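Review bot: The example heredoc kept as context in the first hunk reads `describe aws_s3_bucket do`, although this class registers `name "aws_s3_buckets"`. The `bucket_names` property it tests presumably belongs to the plural resource, so the example should read `describe aws_s3_buckets do`. As written, a user copying it would invoke the singular resource, which in this same release rejects calls without a `bucket_name`.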
|
@@ -1,15 +1,19 @@
|
|
1
|
-
require
|
2
|
-
require
|
1
|
+
require "set"
|
2
|
+
require "ipaddr"
|
3
|
+
|
4
|
+
require "resource_support/aws/aws_singular_resource_mixin"
|
5
|
+
require "resource_support/aws/aws_backend_base"
|
6
|
+
require "aws-sdk-ec2"
|
3
7
|
|
4
8
|
class AwsSecurityGroup < Inspec.resource(1)
|
5
|
-
name
|
6
|
-
desc
|
9
|
+
name "aws_security_group"
|
10
|
+
desc "Verifies settings for an individual AWS Security Group."
|
7
11
|
example <<~EXAMPLE
|
8
12
|
describe aws_security_group('sg-12345678') do
|
9
13
|
it { should exist }
|
10
14
|
end
|
11
15
|
EXAMPLE
|
12
|
-
supports platform:
|
16
|
+
supports platform: "aws"
|
13
17
|
|
14
18
|
include AwsSingularResourceMixin
|
15
19
|
attr_reader :description, :group_id, :group_name, :vpc_id, :inbound_rules, :outbound_rules, :inbound_rules_count, :outbound_rules_count
|
@@ -47,7 +51,7 @@ class AwsSecurityGroup < Inspec.resource(1)
|
|
47
51
|
return false unless rules.count == 1 || criteria.key?(:position)
|
48
52
|
if criteria.key?(:security_group)
|
49
53
|
if criteria.key?(:position)
|
50
|
-
pos = criteria[:position] -1
|
54
|
+
pos = criteria[:position] - 1
|
51
55
|
else
|
52
56
|
pos = 0
|
53
57
|
end
|
@@ -119,7 +123,7 @@ class AwsSecurityGroup < Inspec.resource(1)
|
|
119
123
|
end
|
120
124
|
|
121
125
|
unless idx < rules.count
|
122
|
-
raise ArgumentError, "aws_security_group 'allow' 'position' criteria #{idx+1} is out of range - there are only #{rules.count} rules for security group #{group_id}."
|
126
|
+
raise ArgumentError, "aws_security_group 'allow' 'position' criteria #{idx + 1} is out of range - there are only #{rules.count} rules for security group #{group_id}."
|
123
127
|
end
|
124
128
|
|
125
129
|
[rules[idx]]
|
@@ -157,7 +161,7 @@ class AwsSecurityGroup < Inspec.resource(1)
|
|
157
161
|
return true unless criteria.key?(:protocol)
|
158
162
|
prot = criteria[:protocol]
|
159
163
|
# We provide a "fluency alias" for -1 (any).
|
160
|
-
prot =
|
164
|
+
prot = "-1" if prot == "any"
|
161
165
|
|
162
166
|
rule[:ip_protocol] == prot
|
163
167
|
end
|
@@ -210,7 +214,7 @@ class AwsSecurityGroup < Inspec.resource(1)
|
|
210
214
|
raw_params: raw_params,
|
211
215
|
allowed_params: [:id, :group_id, :group_name, :vpc_id],
|
212
216
|
allowed_scalar_name: :group_id,
|
213
|
-
allowed_scalar_type: String
|
217
|
+
allowed_scalar_type: String
|
214
218
|
)
|
215
219
|
|
216
220
|
# id is an alias for group_id
|
@@ -227,7 +231,7 @@ class AwsSecurityGroup < Inspec.resource(1)
|
|
227
231
|
validated_params = recognized_params
|
228
232
|
|
229
233
|
if validated_params.empty?
|
230
|
-
raise ArgumentError,
|
234
|
+
raise ArgumentError, "You must provide parameters to aws_security_group, such as group_name, group_id, or vpc_id.g_group."
|
231
235
|
end
|
232
236
|
validated_params
|
233
237
|
end
|
@@ -261,9 +265,9 @@ class AwsSecurityGroup < Inspec.resource(1)
|
|
261
265
|
next if val.nil?
|
262
266
|
filters.push(
|
263
267
|
{
|
264
|
-
name: criterion_name.to_s.tr(
|
268
|
+
name: criterion_name.to_s.tr("_", "-"),
|
265
269
|
values: [val],
|
266
|
-
}
|
270
|
+
}
|
267
271
|
)
|
268
272
|
end
|
269
273
|
dsg_response = backend.describe_security_groups(filters: filters)
|
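Review bot: The range guard in the `@@ -119,7 +123,7 @@` hunk, `unless idx < rules.count`, checks only the upper bound before `[rules[idx]]`, and Ruby arrays accept negative indexes, so a negative `idx` would pick a rule counted from the end instead of raising. The code that computes `idx` is outside the hunk, but the `#{idx + 1}` in the message suggests a 1-based `position` minus one, in which case a position of 0 would yield -1. If that is so, the guard should be `unless idx >= 0 && idx < rules.count`; otherwise an `allow` matcher could evaluate against a rule the profile author did not select and report a misleading result. Separately, the new message in the `@@ -227,7 +231,7 @@` hunk ends in the stray text `vpc_id.g_group.`, which should be `vpc_id.`.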
@@ -1,6 +1,10 @@
|
|
1
|
+
require "resource_support/aws/aws_plural_resource_mixin"
|
2
|
+
require "resource_support/aws/aws_backend_base"
|
3
|
+
require "aws-sdk-ec2"
|
4
|
+
|
1
5
|
class AwsSecurityGroups < Inspec.resource(1)
|
2
|
-
name
|
3
|
-
desc
|
6
|
+
name "aws_security_groups"
|
7
|
+
desc "Verifies settings for AWS Security Groups in bulk"
|
4
8
|
example <<~EXAMPLE
|
5
9
|
# Verify that you have security groups defined
|
6
10
|
describe aws_security_groups do
|
@@ -12,7 +16,7 @@ class AwsSecurityGroups < Inspec.resource(1)
|
|
12
16
|
its('entries.count') { should be > 1 }
|
13
17
|
end
|
14
18
|
EXAMPLE
|
15
|
-
supports platform:
|
19
|
+
supports platform: "aws"
|
16
20
|
|
17
21
|
include AwsPluralResourceMixin
|
18
22
|
|
@@ -23,20 +27,20 @@ class AwsSecurityGroups < Inspec.resource(1)
|
|
23
27
|
filter.install_filter_methods_on_resource(self, :table)
|
24
28
|
|
25
29
|
def to_s
|
26
|
-
|
30
|
+
"EC2 Security Groups"
|
27
31
|
end
|
28
32
|
|
29
33
|
private
|
30
34
|
|
31
35
|
def validate_params(raw_criteria)
|
32
36
|
unless raw_criteria.is_a? Hash
|
33
|
-
raise
|
37
|
+
raise "Unrecognized criteria for fetching Security Groups. " \
|
34
38
|
"Use 'criteria: value' format."
|
35
39
|
end
|
36
40
|
|
37
41
|
# No criteria yet
|
38
42
|
unless raw_criteria.empty?
|
39
|
-
raise ArgumentError,
|
43
|
+
raise ArgumentError, "aws_ec2_security_groups does not currently accept resource parameters."
|
40
44
|
end
|
41
45
|
raw_criteria
|
42
46
|
end
|
@@ -47,8 +51,8 @@ class AwsSecurityGroups < Inspec.resource(1)
|
|
47
51
|
backend.describe_security_groups({}).security_groups.each do |sg_info|
|
48
52
|
@table.push({
|
49
53
|
group_id: sg_info.group_id,
|
50
|
-
|
51
|
-
|
54
|
+
group_name: sg_info.group_name,
|
55
|
+
vpc_id: sg_info.vpc_id,
|
52
56
|
})
|
53
57
|
end
|
54
58
|
end
|
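Review bot: The new message in `validate_params`, `"aws_ec2_security_groups does not currently accept resource parameters."`, names a resource that does not match the `name "aws_security_groups"` registered at the top of this class. Unless an alias by that name exists outside this view, a user who hits the error is told about a resource they did not type. The line should read `raise ArgumentError, "aws_security_groups does not currently accept resource parameters."`. The first raise in the same method gives no exception class, so it raises RuntimeError while its sibling raises ArgumentError. Starting it with `raise ArgumentError, "Unrecognized criteria for fetching Security Groups. " \` would make the two consistent, provided no caller depends on rescuing RuntimeError here.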
@@ -1,6 +1,10 @@
|
|
1
|
+
require "resource_support/aws/aws_singular_resource_mixin"
|
2
|
+
require "resource_support/aws/aws_backend_base"
|
3
|
+
require "aws-sdk-sns"
|
4
|
+
|
1
5
|
class AwsSnsSubscription < Inspec.resource(1)
|
2
|
-
name
|
3
|
-
desc
|
6
|
+
name "aws_sns_subscription"
|
7
|
+
desc "Verifies settings for an SNS Subscription"
|
4
8
|
example <<~EXAMPLE
|
5
9
|
describe aws_sns_subscription('arn:aws:sns:us-east-1::test-topic-01:b214aff5-a2c7-438f-a753-8494493f2ff6') do
|
6
10
|
it { should_not have_raw_message_delivery }
|
@@ -12,7 +16,7 @@ class AwsSnsSubscription < Inspec.resource(1)
|
|
12
16
|
end
|
13
17
|
EXAMPLE
|
14
18
|
|
15
|
-
supports platform:
|
19
|
+
supports platform: "aws"
|
16
20
|
|
17
21
|
include AwsSingularResourceMixin
|
18
22
|
attr_reader :arn, :owner, :raw_message_delivery, :topic_arn, :endpoint, :protocol,
|
@@ -36,11 +40,11 @@ class AwsSnsSubscription < Inspec.resource(1)
|
|
36
40
|
raw_params: raw_params,
|
37
41
|
allowed_params: [:subscription_arn],
|
38
42
|
allowed_scalar_name: :subscription_arn,
|
39
|
-
allowed_scalar_type: String
|
43
|
+
allowed_scalar_type: String
|
40
44
|
)
|
41
45
|
|
42
46
|
if validated_params.empty?
|
43
|
-
raise ArgumentError,
|
47
|
+
raise ArgumentError, "You must provide a subscription_arn to aws_sns_subscription."
|
44
48
|
end
|
45
49
|
|
46
50
|
validated_params
|
@@ -52,12 +56,12 @@ class AwsSnsSubscription < Inspec.resource(1)
|
|
52
56
|
begin
|
53
57
|
aws_response = backend.get_subscription_attributes(subscription_arn: @subscription_arn).attributes
|
54
58
|
@exists = true
|
55
|
-
@owner = aws_response[
|
56
|
-
@raw_message_delivery = aws_response[
|
57
|
-
@topic_arn = aws_response[
|
58
|
-
@endpoint = aws_response[
|
59
|
-
@protocol = aws_response[
|
60
|
-
@confirmation_was_authenticated = aws_response[
|
59
|
+
@owner = aws_response["Owner"]
|
60
|
+
@raw_message_delivery = aws_response["RawMessageDelivery"].eql?("true")
|
61
|
+
@topic_arn = aws_response["TopicArn"]
|
62
|
+
@endpoint = aws_response["Endpoint"]
|
63
|
+
@protocol = aws_response["Protocol"]
|
64
|
+
@confirmation_was_authenticated = aws_response["ConfirmationWasAuthenticated"].eql?("true")
|
61
65
|
rescue Aws::SNS::Errors::NotFound
|
62
66
|
@exists = false
|
63
67
|
return
|