inspec 4.31.1 → 4.37.8

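--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 9298a40b73dee82eada552bb1b9259729ecaa912e121ce707f2764942850027b
- data.tar.gz: e6524804558b1d23e175160b9d322228d7b43b6fcf1de6cb9d0b744616ef5633
+ metadata.gz: f91388610faecff1f170219dc2de6a6f0a1b19639576e978d005bb44133a7c95
+ data.tar.gz: e39bfbeea1568f75a6847b131fadc4ab6bccefaaefa9edbc53ac360db81c0221
  SHA512:
- metadata.gz: 8d4fd9a0280a8a921d275aba2c62b8ba3cefce484f157cf1b08b6f698893477be8d3d4ada3019d0a9b3b0b5aca27ff5fe2bed56d68f9cf381c6e21cbc13009bc
- data.tar.gz: 361a638e33b529c7bdb5ead6cc6aa46f20ef9c220506246e90887c51043eeb381f44f14a72b277837ddf7cbf55ef346cb6085f2202b5b45ca4006e90e6fcc992
+ metadata.gz: 56c5f8aa6e31177111234df6a83f7e5abfe72d8122d80edddcabb3931dd3f253df65b719d313b9278af2459812852af01e0e3742388e7d4567604960ab1f98c8
+ data.tar.gz: 298dc39c21b0a1f6125807ecc7a12c70514bd68138c5b3eb72c721d404740d8e9d07076d24c753bda360c3428c1f2a5442a78148f2d987fda08a6b770924592f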
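--- a/data/Gemfile
+++ b/data/Gemfile
@@ -28,7 +28,7 @@ group :omnibus do
  end
 
  group :test do
- gem "chefstyle", "~> 1.7.1"
+ gem "chefstyle", "~> 2.0.3"
  gem "concurrent-ruby", "~> 1.0"
  gem "html-proofer", platforms: :ruby # do not attempt to run proofer on windows
  gem "json_schemer", ">= 0.2.1", "< 0.2.19"
@@ -48,3 +48,16 @@ end
  group :deploy do
  gem "inquirer"
  end
+
+ # Only include Test Kitchen support if we are on Ruby 2.7 or higher
+ # as chef-zero support requires Ruby 2.6
+ # See https://github.com/inspec/inspec/pull/5341
+ if Gem.ruby_version >= Gem::Version.new("2.7.0")
+ group :kitchen do
+ gem "berkshelf"
+ gem "test-kitchen", ">= 2.8"
+ gem "kitchen-inspec", ">= 2.0"
+ gem "kitchen-dokken", ">= 2.11"
+ gem "git"
+ end
+ end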
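Review bot: The comment above the new `:kitchen` group disagrees with itself and with the guard: it says Test Kitchen is loaded on "Ruby 2.7 or higher" because chef-zero "requires Ruby 2.6", while the condition tests `>= Gem::Version.new("2.7.0")`. State the actual floor once, for example `# Test Kitchen pulls in chef-zero, which does not run on the oldest Ruby we test; load the group only on Ruby >= 2.7`. Separately, `berkshelf` and `git` carry no version constraint and the three kitchen gems only a lower bound, so what this group installs is decided entirely by the lockfile or the resolver at install time. A pessimistic constraint in the style already used for `chefstyle` (`"~> 2.0.3"`) would keep the set of versions that can enter the CI environment reviewable.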
@@ -36,12 +36,12 @@ class AwsCloudTrailTrail < Inspec.resource(1)
36
36
  def delivered_logs_days_ago
37
37
  query = { name: @trail_name }
38
38
  catch_aws_errors do
39
- begin
40
- resp = BackendFactory.create(inspec_runner).get_trail_status(query).to_h
41
- ((Time.now - resp[:latest_cloud_watch_logs_delivery_time]) / (24 * 60 * 60)).to_i unless resp[:latest_cloud_watch_logs_delivery_time].nil?
42
- rescue Aws::CloudTrail::Errors::TrailNotFoundException
43
- nil
44
- end
39
+
40
+ resp = BackendFactory.create(inspec_runner).get_trail_status(query).to_h
41
+ ((Time.now - resp[:latest_cloud_watch_logs_delivery_time]) / (24 * 60 * 60)).to_i unless resp[:latest_cloud_watch_logs_delivery_time].nil?
42
+ rescue Aws::CloudTrail::Errors::TrailNotFoundException
43
+ nil
44
+
45
45
  end
46
46
  end
47
47
 
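Review bot: The `rescue Aws::CloudTrail::Errors::TrailNotFoundException` clause now hangs directly off the `catch_aws_errors do` block, a form that only parses on Ruby 2.5 and later. The gem's `required_ruby_version` is not visible on this page, so confirm it excludes older interpreters; otherwise the file fails with a syntax error at load time rather than being refused at install time. The same construct is introduced in the AwsIamAccessKeys, AwsIamPasswordPolicy, AwsKmsKey, AwsRdsInstance, AwsS3Bucket, AwsS3BucketObject and AwsSnsSubscription hunks. In most of these hunks the rewrite also left an empty line right after `do` and another just before the block's `end`; removing both keeps the block body tight.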
@@ -101,27 +101,27 @@ class AwsIamAccessKeys < Inspec.resource(1)
101
101
 
102
102
  access_key_data = []
103
103
  user_details.each_key do |username|
104
- begin
105
- user_keys = iam_client.list_access_keys(user_name: username)
106
- .access_key_metadata
107
- user_keys = user_keys.map do |metadata|
108
- {
109
- access_key_id: metadata.access_key_id,
110
- username: username,
111
- status: metadata.status,
112
- create_date: metadata.create_date, # DateTime.parse(metadata.create_date),
113
- }
114
- end
115
104
 
116
- # Copy in from user data
117
- # Synthetics
118
- user_keys.each do |key_info|
119
- add_synthetic_fields(key_info, user_details[username])
120
- end
121
- access_key_data.concat(user_keys)
122
- rescue Aws::IAM::Errors::NoSuchEntity # rubocop:disable Lint/HandleExceptions
123
- # Swallow - a miss on search results should return an empty table
105
+ user_keys = iam_client.list_access_keys(user_name: username)
106
+ .access_key_metadata
107
+ user_keys = user_keys.map do |metadata|
108
+ {
109
+ access_key_id: metadata.access_key_id,
110
+ username: username,
111
+ status: metadata.status,
112
+ create_date: metadata.create_date, # DateTime.parse(metadata.create_date),
113
+ }
114
+ end
115
+
116
+ # Copy in from user data
117
+ # Synthetics
118
+ user_keys.each do |key_info|
119
+ add_synthetic_fields(key_info, user_details[username])
124
120
  end
121
+ access_key_data.concat(user_keys)
122
+ rescue Aws::IAM::Errors::NoSuchEntity # rubocop:disable Lint/HandleExceptions
123
+ # Swallow - a miss on search results should return an empty table
124
+
125
125
  end
126
126
  access_key_data
127
127
  end
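Review bot: The `# rubocop:disable Lint/HandleExceptions` directive on the `rescue Aws::IAM::Errors::NoSuchEntity` line names a cop that newer RuboCop releases call `Lint/SuppressedException`, and this release also moves chefstyle to 2.0.3, so the directive probably no longer matches anything. Rename it, `rescue Aws::IAM::Errors::NoSuchEntity # rubocop:disable Lint/SuppressedException`, or drop it if the explanatory comment in the rescue body is enough for the cop. The rescue covers the whole `each_key` iteration, so a user that disappears between the listing and `list_access_keys` is skipped silently; a debug-level log line there would make an incomplete key table explainable in an audit run. The enclosing method starts above the hunk.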
@@ -20,19 +20,19 @@ class AwsIamPasswordPolicy < Inspec.resource(1)
20
20
  # TODO: rewrite to avoid direct injection, match other resources, use AwsSingularResourceMixin
21
21
  def initialize(conn = nil)
22
22
  catch_aws_errors do
23
- begin
24
- if conn
25
- # We're in a mocked unit test.
26
- @policy = conn.iam_resource.account_password_policy
27
- else
28
- # Don't use the resource approach. It's a CRUD operation
29
- # - if the policy does not exist, you get back a blank object to populate and save.
30
- # Using the Client will throw an exception if no policy exists.
31
- @policy = inspec_runner.backend.aws_client(Aws::IAM::Client).get_account_password_policy.password_policy
32
- end
33
- rescue Aws::IAM::Errors::NoSuchEntity
34
- @policy = nil
23
+
24
+ if conn
25
+ # We're in a mocked unit test.
26
+ @policy = conn.iam_resource.account_password_policy
27
+ else
28
+ # Don't use the resource approach. It's a CRUD operation
29
+ # - if the policy does not exist, you get back a blank object to populate and save.
30
+ # Using the Client will throw an exception if no policy exists.
31
+ @policy = inspec_runner.backend.aws_client(Aws::IAM::Client).get_account_password_policy.password_policy
35
32
  end
33
+ rescue Aws::IAM::Errors::NoSuchEntity
34
+ @policy = nil
35
+
36
36
  end
37
37
  end
38
38
 
@@ -56,30 +56,30 @@ class AwsKmsKey < Inspec.resource(1)
56
56
 
57
57
  query = { key_id: @key_id }
58
58
  catch_aws_errors do
59
- begin
60
- resp = backend.describe_key(query)
61
-
62
- @exists = true
63
- @key = resp.key_metadata.to_h
64
- @key_id = @key[:key_id]
65
- @arn = @key[:arn]
66
- @creation_date = @key[:creation_date]
67
- @enabled = @key[:enabled]
68
- @description = @key[:description]
69
- @key_usage = @key[:key_usage]
70
- @key_state = @key[:key_state]
71
- @deletion_date = @key[:deletion_date]
72
- @valid_to = @key[:valid_to]
73
- @external = @key[:origin] == "EXTERNAL"
74
- @has_key_expiration = @key[:expiration_model] == "KEY_MATERIAL_EXPIRES"
75
- @managed_by_aws = @key[:key_manager] == "AWS"
76
-
77
- resp = backend.get_key_rotation_status(query)
78
- @has_rotation_enabled = resp.key_rotation_enabled unless resp.empty?
79
- rescue Aws::KMS::Errors::NotFoundException
80
- @exists = false
81
- return
82
- end
59
+
60
+ resp = backend.describe_key(query)
61
+
62
+ @exists = true
63
+ @key = resp.key_metadata.to_h
64
+ @key_id = @key[:key_id]
65
+ @arn = @key[:arn]
66
+ @creation_date = @key[:creation_date]
67
+ @enabled = @key[:enabled]
68
+ @description = @key[:description]
69
+ @key_usage = @key[:key_usage]
70
+ @key_state = @key[:key_state]
71
+ @deletion_date = @key[:deletion_date]
72
+ @valid_to = @key[:valid_to]
73
+ @external = @key[:origin] == "EXTERNAL"
74
+ @has_key_expiration = @key[:expiration_model] == "KEY_MATERIAL_EXPIRES"
75
+ @managed_by_aws = @key[:key_manager] == "AWS"
76
+
77
+ resp = backend.get_key_rotation_status(query)
78
+ @has_rotation_enabled = resp.key_rotation_enabled unless resp.empty?
79
+ rescue Aws::KMS::Errors::NotFoundException
80
+ @exists = false
81
+ return
82
+
83
83
  end
84
84
  end
85
85
 
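Review bot: `describe_key` and `get_key_rotation_status` share the single `rescue Aws::KMS::Errors::NotFoundException`, and `@exists = true` is set between them. A NotFoundException from the second call would therefore flip `@exists` to false while `@key`, `@arn` and the other fields stay populated. If that case can occur, set `@exists = true` only after both calls have returned, or clear the fields in the rescue. `@has_rotation_enabled` is also left unassigned when `resp.empty?`, so a control reading it gets nil rather than false; a comment such as `# nil means the rotation status was not returned` would say whether that is intended. The enclosing method starts above the hunk.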
@@ -43,13 +43,13 @@ class AwsRdsInstance < Inspec.resource(1)
43
43
  backend = BackendFactory.create(inspec_runner)
44
44
  dsg_response = nil
45
45
  catch_aws_errors do
46
- begin
47
- dsg_response = backend.describe_db_instances(db_instance_identifier: db_instance_identifier)
48
- @exists = true
49
- rescue Aws::RDS::Errors::DBInstanceNotFound
50
- @exists = false
51
- return
52
- end
46
+
47
+ dsg_response = backend.describe_db_instances(db_instance_identifier: db_instance_identifier)
48
+ @exists = true
49
+ rescue Aws::RDS::Errors::DBInstanceNotFound
50
+ @exists = false
51
+ return
52
+
53
53
  end
54
54
 
55
55
  if dsg_response.db_instances.empty?
@@ -85,30 +85,29 @@ class AwsS3Bucket < Inspec.resource(1)
85
85
  def fetch_bucket_policy
86
86
  backend = BackendFactory.create(inspec_runner)
87
87
  catch_aws_errors do
88
- begin
89
- # AWS SDK returns a StringIO, we have to read()
90
- raw_policy = backend.get_bucket_policy(bucket: bucket_name).policy
91
- return JSON.parse(raw_policy.read)["Statement"].map do |statement|
92
- lowercase_hash = {}
93
- statement.each_key { |k| lowercase_hash[k.downcase] = statement[k] }
94
- @bucket_policy = OpenStruct.new(lowercase_hash)
95
- end
96
- rescue Aws::S3::Errors::NoSuchBucketPolicy
97
- @bucket_policy = []
88
+
89
+ # AWS SDK returns a StringIO, we have to read()
90
+ raw_policy = backend.get_bucket_policy(bucket: bucket_name).policy
91
+ return JSON.parse(raw_policy.read)["Statement"].map do |statement|
92
+ lowercase_hash = {}
93
+ statement.each_key { |k| lowercase_hash[k.downcase] = statement[k] }
94
+ @bucket_policy = OpenStruct.new(lowercase_hash)
98
95
  end
96
+ rescue Aws::S3::Errors::NoSuchBucketPolicy
97
+ @bucket_policy = []
98
+
99
99
  end
100
100
  end
101
101
 
102
102
  def fetch_bucket_encryption_configuration
103
103
  @has_default_encryption_enabled ||= catch_aws_errors do
104
- begin
105
- !BackendFactory.create(inspec_runner)
106
- .get_bucket_encryption(bucket: bucket_name)
107
- .server_side_encryption_configuration
108
- .nil?
109
- rescue Aws::S3::Errors::ServerSideEncryptionConfigurationNotFoundError
110
- false
111
- end
104
+ !BackendFactory.create(inspec_runner)
105
+ .get_bucket_encryption(bucket: bucket_name)
106
+ .server_side_encryption_configuration
107
+ .nil?
108
+ rescue Aws::S3::Errors::ServerSideEncryptionConfigurationNotFoundError
109
+ false
110
+
112
111
  end
113
112
  end
114
113
 
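Review bot: In `fetch_bucket_policy`, `@bucket_policy = OpenStruct.new(lowercase_hash)` runs inside the `map` block, so the instance variable is overwritten per statement and ends up holding only the last one, while the rescue path stores an array (`[]`). The method's return value is the full array, so callers that use the return value are unaffected, but anything reading `@bucket_policy` directly after this call sees one statement of a multi-statement policy. Build the list and assign it once, then return it: `@bucket_policy = JSON.parse(raw_policy.read)["Statement"].map { |s| OpenStruct.new(s.transform_keys(&:downcase)) }`. In `fetch_bucket_encryption_configuration`, `||=` does not memoize a `false` result, so a bucket without default encryption is queried again on every call.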
@@ -55,16 +55,16 @@ class AwsS3BucketObject < Inspec.resource(1)
55
55
  def fetch_from_api
56
56
  backend = BackendFactory.create(inspec_runner)
57
57
  catch_aws_errors do
58
- begin
59
- # Just use get_object to detect if the bucket exists
60
- backend.get_object(bucket: bucket_name, key: key)
61
- rescue Aws::S3::Errors::NoSuchBucket
62
- @exists = false
63
- return
64
- rescue Aws::S3::Errors::NoSuchKey
65
- @exists = false
66
- return
67
- end
58
+
59
+ # Just use get_object to detect if the bucket exists
60
+ backend.get_object(bucket: bucket_name, key: key)
61
+ rescue Aws::S3::Errors::NoSuchBucket
62
+ @exists = false
63
+ return
64
+ rescue Aws::S3::Errors::NoSuchKey
65
+ @exists = false
66
+ return
67
+
68
68
  end
69
69
  @exists = true
70
70
  end
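Review bot: The two rescue clauses in `fetch_from_api` have identical bodies and can be merged into `rescue Aws::S3::Errors::NoSuchBucket, Aws::S3::Errors::NoSuchKey`. The comment says `get_object` is used to detect whether the bucket exists, but the call also decides whether the key exists and retrieves the object itself just to answer that; the comment should say so, and a metadata-only request would be worth considering. Every path that does not hit one of the two rescues reaches `@exists = true` after the block, so if `catch_aws_errors` (not visible here) swallows other failures such as an access-denied response, the object is reported as existing. Confirm that helper re-raises or aborts.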
@@ -53,19 +53,19 @@ class AwsSnsSubscription < Inspec.resource(1)
53
53
  def fetch_from_api
54
54
  backend = BackendFactory.create(inspec_runner)
55
55
  catch_aws_errors do
56
- begin
57
- aws_response = backend.get_subscription_attributes(subscription_arn: @subscription_arn).attributes
58
- @exists = true
59
- @owner = aws_response["Owner"]
60
- @raw_message_delivery = aws_response["RawMessageDelivery"].eql?("true")
61
- @topic_arn = aws_response["TopicArn"]
62
- @endpoint = aws_response["Endpoint"]
63
- @protocol = aws_response["Protocol"]
64
- @confirmation_was_authenticated = aws_response["ConfirmationWasAuthenticated"].eql?("true")
65
- rescue Aws::SNS::Errors::NotFound
66
- @exists = false
67
- return
68
- end
56
+
57
+ aws_response = backend.get_subscription_attributes(subscription_arn: @subscription_arn).attributes
58
+ @exists = true
59
+ @owner = aws_response["Owner"]
60
+ @raw_message_delivery = aws_response["RawMessageDelivery"].eql?("true")
61
+ @topic_arn = aws_response["TopicArn"]
62
+ @endpoint = aws_response["Endpoint"]
63
+ @protocol = aws_response["Protocol"]
64
+ @confirmation_was_authenticated = aws_response["ConfirmationWasAuthenticated"].eql?("true")
65
+ rescue Aws::SNS::Errors::NotFound
66
+ @exists = false
67
+ return
68
+
69
69
  end
70
70
  end
71
71
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: inspec
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.31.1
4
+ version: 4.37.8
5
5
  platform: ruby
6
6
  authors:
7
7
  - Chef InSpec Team
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-04-08 00:00:00.000000000 Z
11
+ date: 2021-05-10 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: inspec-core
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 4.31.1
19
+ version: 4.37.8
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 4.31.1
26
+ version: 4.37.8
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: train
29
29
  requirement: !ruby/object:Gem::Requirement