inspec 4.32.0 → 4.37.17

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7c60e007c349cb98360ac0c17794a63b3ca38abc696ee79b642f727a3399ae7a
-  data.tar.gz: 91ac4723db29f88361688124770f4e2d965b41612223327860606b96789b1376
+  metadata.gz: 56bb82eee086dce8926b19585b32b03eb73c18ea9d0b840d4eb1df78cce062f1
+  data.tar.gz: e6cf1df22712546e2222bc5d617d22458d4221d15954399f092752233a222f19
 SHA512:
-  metadata.gz: f9e6bf0f7e0e7f21a21125452e298e53692dca5273e6a4dbb2db0c351ed797b2fdf221cbd686aee0f4786136db1673a544aa3069a02b5c2ee28449732e2c59c5
-  data.tar.gz: 883429270ca8b74b3b8aba0f47b328942c450891922ee473ef9188ddc94723ed2fa0bb2e17b585ecd8f9ce0e01601b280d1233bc62ef38609a20fb53d14f5758
+  metadata.gz: 1fb60a32fb80e036920c57bb5fc5444faf82e1482b30c96709b7172283a1d99e204b3175d080cacfd4b4fcd3c24f1eeebfcbf4016eb00ec9375e5e6b629f6139
+  data.tar.gz: a497e860c728d0441b5ec7bedefc7c9d1b34d3e341fba1fd278ae7aacc7ff521225b47996f9dcb0aec272f7eeeeb340a6247525ff10c96ce2248136264d2987d

data/Gemfile

@@ -28,7 +28,7 @@ group :omnibus do
 end
 
 group :test do
-  gem "chefstyle", "~> 1.7.1"
+  gem "chefstyle", "~> 2.0.3"
   gem "concurrent-ruby", "~> 1.0"
   gem "html-proofer", platforms: :ruby # do not attempt to run proofer on windows
   gem "json_schemer", ">= 0.2.1", "< 0.2.19"
@@ -48,3 +48,16 @@ end
 group :deploy do
   gem "inquirer"
 end
+
+# Only include Test Kitchen support if we are on Ruby 2.7 or higher
+# as chef-zero support requires Ruby 2.6
+# See https://github.com/inspec/inspec/pull/5341
+if Gem.ruby_version >= Gem::Version.new("2.7.0")
+  group :kitchen do
+    gem "berkshelf"
+    gem "test-kitchen", ">= 2.8"
+    gem "kitchen-inspec", ">= 2.0"
+    gem "kitchen-dokken", ">= 2.11"
+    gem "git"
+  end
+end

data/lib/resources/aws/aws_cloudtrail_trail.rb

@@ -36,12 +36,12 @@ class AwsCloudTrailTrail < Inspec.resource(1)
   def delivered_logs_days_ago
     query = { name: @trail_name }
     catch_aws_errors do
-      begin
-        resp = BackendFactory.create(inspec_runner).get_trail_status(query).to_h
-        ((Time.now - resp[:latest_cloud_watch_logs_delivery_time]) / (24 * 60 * 60)).to_i unless resp[:latest_cloud_watch_logs_delivery_time].nil?
-      rescue Aws::CloudTrail::Errors::TrailNotFoundException
-        nil
-      end
+
+      resp = BackendFactory.create(inspec_runner).get_trail_status(query).to_h
+      ((Time.now - resp[:latest_cloud_watch_logs_delivery_time]) / (24 * 60 * 60)).to_i unless resp[:latest_cloud_watch_logs_delivery_time].nil?
+    rescue Aws::CloudTrail::Errors::TrailNotFoundException
+      nil
+
     end
   end
 

data/lib/resources/aws/aws_iam_access_keys.rb

@@ -101,27 +101,27 @@ class AwsIamAccessKeys < Inspec.resource(1)
 
         access_key_data = []
         user_details.each_key do |username|
-          begin
-            user_keys = iam_client.list_access_keys(user_name: username)
-              .access_key_metadata
-            user_keys = user_keys.map do |metadata|
-              {
-                access_key_id: metadata.access_key_id,
-                username: username,
-                status: metadata.status,
-                create_date: metadata.create_date, # DateTime.parse(metadata.create_date),
-              }
-            end
 
-            # Copy in from user data
-            # Synthetics
-            user_keys.each do |key_info|
-              add_synthetic_fields(key_info, user_details[username])
-            end
-            access_key_data.concat(user_keys)
-          rescue Aws::IAM::Errors::NoSuchEntity # rubocop:disable Lint/HandleExceptions
-            # Swallow - a miss on search results should return an empty table
+          user_keys = iam_client.list_access_keys(user_name: username)
+            .access_key_metadata
+          user_keys = user_keys.map do |metadata|
+            {
+              access_key_id: metadata.access_key_id,
+              username: username,
+              status: metadata.status,
+              create_date: metadata.create_date, # DateTime.parse(metadata.create_date),
+            }
+          end
+
+          # Copy in from user data
+          # Synthetics
+          user_keys.each do |key_info|
+            add_synthetic_fields(key_info, user_details[username])
           end
+          access_key_data.concat(user_keys)
+        rescue Aws::IAM::Errors::NoSuchEntity # rubocop:disable Lint/HandleExceptions
+          # Swallow - a miss on search results should return an empty table
+
         end
         access_key_data
       end

data/lib/resources/aws/aws_iam_password_policy.rb

@@ -20,19 +20,19 @@ class AwsIamPasswordPolicy < Inspec.resource(1)
   # TODO: rewrite to avoid direct injection, match other resources, use AwsSingularResourceMixin
   def initialize(conn = nil)
     catch_aws_errors do
-      begin
-        if conn
-          # We're in a mocked unit test.
-          @policy = conn.iam_resource.account_password_policy
-        else
-          # Don't use the resource approach.  It's a CRUD operation
-          # - if the policy does not exist, you get back a blank object to  populate and save.
-          # Using the Client will throw an exception if no policy exists.
-          @policy = inspec_runner.backend.aws_client(Aws::IAM::Client).get_account_password_policy.password_policy
-        end
-      rescue Aws::IAM::Errors::NoSuchEntity
-        @policy = nil
+
+      if conn
+        # We're in a mocked unit test.
+        @policy = conn.iam_resource.account_password_policy
+      else
+        # Don't use the resource approach.  It's a CRUD operation
+        # - if the policy does not exist, you get back a blank object to  populate and save.
+        # Using the Client will throw an exception if no policy exists.
+        @policy = inspec_runner.backend.aws_client(Aws::IAM::Client).get_account_password_policy.password_policy
       end
+    rescue Aws::IAM::Errors::NoSuchEntity
+      @policy = nil
+
     end
   end
 

data/lib/resources/aws/aws_kms_key.rb

@@ -56,30 +56,30 @@ class AwsKmsKey < Inspec.resource(1)
 
     query = { key_id: @key_id }
     catch_aws_errors do
-      begin
-        resp = backend.describe_key(query)
-
-        @exists = true
-        @key = resp.key_metadata.to_h
-        @key_id = @key[:key_id]
-        @arn = @key[:arn]
-        @creation_date = @key[:creation_date]
-        @enabled = @key[:enabled]
-        @description = @key[:description]
-        @key_usage = @key[:key_usage]
-        @key_state = @key[:key_state]
-        @deletion_date = @key[:deletion_date]
-        @valid_to = @key[:valid_to]
-        @external = @key[:origin] == "EXTERNAL"
-        @has_key_expiration = @key[:expiration_model] == "KEY_MATERIAL_EXPIRES"
-        @managed_by_aws = @key[:key_manager] == "AWS"
-
-        resp = backend.get_key_rotation_status(query)
-        @has_rotation_enabled = resp.key_rotation_enabled unless resp.empty?
-      rescue Aws::KMS::Errors::NotFoundException
-        @exists = false
-        return
-      end
+
+      resp = backend.describe_key(query)
+
+      @exists = true
+      @key = resp.key_metadata.to_h
+      @key_id = @key[:key_id]
+      @arn = @key[:arn]
+      @creation_date = @key[:creation_date]
+      @enabled = @key[:enabled]
+      @description = @key[:description]
+      @key_usage = @key[:key_usage]
+      @key_state = @key[:key_state]
+      @deletion_date = @key[:deletion_date]
+      @valid_to = @key[:valid_to]
+      @external = @key[:origin] == "EXTERNAL"
+      @has_key_expiration = @key[:expiration_model] == "KEY_MATERIAL_EXPIRES"
+      @managed_by_aws = @key[:key_manager] == "AWS"
+
+      resp = backend.get_key_rotation_status(query)
+      @has_rotation_enabled = resp.key_rotation_enabled unless resp.empty?
+    rescue Aws::KMS::Errors::NotFoundException
+      @exists = false
+      return
+
     end
   end
 

data/lib/resources/aws/aws_rds_instance.rb

@@ -43,13 +43,13 @@ class AwsRdsInstance < Inspec.resource(1)
     backend = BackendFactory.create(inspec_runner)
     dsg_response = nil
     catch_aws_errors do
-      begin
-        dsg_response = backend.describe_db_instances(db_instance_identifier: db_instance_identifier)
-        @exists = true
-      rescue Aws::RDS::Errors::DBInstanceNotFound
-        @exists = false
-        return
-      end
+
+      dsg_response = backend.describe_db_instances(db_instance_identifier: db_instance_identifier)
+      @exists = true
+    rescue Aws::RDS::Errors::DBInstanceNotFound
+      @exists = false
+      return
+
     end
 
     if dsg_response.db_instances.empty?

data/lib/resources/aws/aws_s3_bucket.rb

@@ -85,30 +85,29 @@ class AwsS3Bucket < Inspec.resource(1)
   def fetch_bucket_policy
     backend = BackendFactory.create(inspec_runner)
     catch_aws_errors do
-      begin
-        # AWS SDK returns a StringIO, we have to read()
-        raw_policy = backend.get_bucket_policy(bucket: bucket_name).policy
-        return JSON.parse(raw_policy.read)["Statement"].map do |statement|
-          lowercase_hash = {}
-          statement.each_key { |k| lowercase_hash[k.downcase] = statement[k] }
-          @bucket_policy = OpenStruct.new(lowercase_hash)
-        end
-      rescue Aws::S3::Errors::NoSuchBucketPolicy
-        @bucket_policy = []
+
+      # AWS SDK returns a StringIO, we have to read()
+      raw_policy = backend.get_bucket_policy(bucket: bucket_name).policy
+      return JSON.parse(raw_policy.read)["Statement"].map do |statement|
+        lowercase_hash = {}
+        statement.each_key { |k| lowercase_hash[k.downcase] = statement[k] }
+        @bucket_policy = OpenStruct.new(lowercase_hash)
       end
+    rescue Aws::S3::Errors::NoSuchBucketPolicy
+      @bucket_policy = []
+
     end
   end
 
   def fetch_bucket_encryption_configuration
     @has_default_encryption_enabled ||= catch_aws_errors do
-      begin
-        !BackendFactory.create(inspec_runner)
-          .get_bucket_encryption(bucket: bucket_name)
-          .server_side_encryption_configuration
-          .nil?
-      rescue Aws::S3::Errors::ServerSideEncryptionConfigurationNotFoundError
-        false
-      end
+      !BackendFactory.create(inspec_runner)
+        .get_bucket_encryption(bucket: bucket_name)
+        .server_side_encryption_configuration
+        .nil?
+    rescue Aws::S3::Errors::ServerSideEncryptionConfigurationNotFoundError
+      false
+
     end
   end
 

data/lib/resources/aws/aws_s3_bucket_object.rb

@@ -55,16 +55,16 @@ class AwsS3BucketObject < Inspec.resource(1)
   def fetch_from_api
     backend = BackendFactory.create(inspec_runner)
     catch_aws_errors do
-      begin
-        # Just use get_object to detect if the bucket exists
-        backend.get_object(bucket: bucket_name, key: key)
-      rescue Aws::S3::Errors::NoSuchBucket
-        @exists = false
-        return
-      rescue Aws::S3::Errors::NoSuchKey
-        @exists = false
-        return
-      end
+
+      # Just use get_object to detect if the bucket exists
+      backend.get_object(bucket: bucket_name, key: key)
+    rescue Aws::S3::Errors::NoSuchBucket
+      @exists = false
+      return
+    rescue Aws::S3::Errors::NoSuchKey
+      @exists = false
+      return
+
     end
     @exists = true
   end

data/lib/resources/aws/aws_sns_subscription.rb

@@ -53,19 +53,19 @@ class AwsSnsSubscription < Inspec.resource(1)
   def fetch_from_api
     backend = BackendFactory.create(inspec_runner)
     catch_aws_errors do
-      begin
-        aws_response = backend.get_subscription_attributes(subscription_arn: @subscription_arn).attributes
-        @exists = true
-        @owner = aws_response["Owner"]
-        @raw_message_delivery = aws_response["RawMessageDelivery"].eql?("true")
-        @topic_arn = aws_response["TopicArn"]
-        @endpoint = aws_response["Endpoint"]
-        @protocol = aws_response["Protocol"]
-        @confirmation_was_authenticated = aws_response["ConfirmationWasAuthenticated"].eql?("true")
-      rescue Aws::SNS::Errors::NotFound
-        @exists = false
-        return
-      end
+
+      aws_response = backend.get_subscription_attributes(subscription_arn: @subscription_arn).attributes
+      @exists = true
+      @owner = aws_response["Owner"]
+      @raw_message_delivery = aws_response["RawMessageDelivery"].eql?("true")
+      @topic_arn = aws_response["TopicArn"]
+      @endpoint = aws_response["Endpoint"]
+      @protocol = aws_response["Protocol"]
+      @confirmation_was_authenticated = aws_response["ConfirmationWasAuthenticated"].eql?("true")
+    rescue Aws::SNS::Errors::NotFound
+      @exists = false
+      return
+
     end
   end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec
 version: !ruby/object:Gem::Version
-  version: 4.32.0
+  version: 4.37.17
 platform: ruby
 authors:
 - Chef InSpec Team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-04-14 00:00:00.000000000 Z
+date: 2021-05-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: inspec-core
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 4.32.0
+        version: 4.37.17
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 4.32.0
+        version: 4.37.17
 - !ruby/object:Gem::Dependency
   name: train
   requirement: !ruby/object:Gem::Requirement