inspec 4.56.19 → 5.12.2
- checksums.yaml +4 -4
- data/inspec.gemspec +4 -1
- data/lib/plugins/inspec-artifact/inspec-artifact.gemspec +9 -0
- data/lib/plugins/inspec-compliance/inspec-compliance.gemspec +9 -0
- data/lib/plugins/inspec-habitat/inspec-habitat.gemspec +9 -0
- data/lib/plugins/inspec-init/inspec-init.gemspec +9 -0
- data/lib/plugins/inspec-init/templates/profiles/aws/inspec.yml +1 -1
- data/lib/plugins/inspec-plugin-manager-cli/inspec-plugin-manager-cli.gemspec +10 -0
- data/lib/plugins/inspec-reporter-html2/inspec-reporter-html2.gemspec +9 -0
- data/lib/plugins/inspec-reporter-json-min/inspec-reporter-json-min.gemspec +9 -0
- data/lib/plugins/inspec-reporter-junit/inspec-reporter-junit.gemspec +9 -0
- data/lib/plugins/inspec-streaming-reporter-progress-bar/inspec-streaming-reporter-progress-bar.gemspec +9 -0
- metadata +28 -62
- data/lib/resource_support/aws/aws_backend_base.rb +0 -12
- data/lib/resource_support/aws/aws_backend_factory_mixin.rb +0 -12
- data/lib/resource_support/aws/aws_plural_resource_mixin.rb +0 -24
- data/lib/resource_support/aws/aws_resource_mixin.rb +0 -69
- data/lib/resource_support/aws/aws_singular_resource_mixin.rb +0 -27
- data/lib/resource_support/aws.rb +0 -76
- data/lib/resources/aws/aws_billing_report.rb +0 -105
- data/lib/resources/aws/aws_billing_reports.rb +0 -74
- data/lib/resources/aws/aws_cloudtrail_trail.rb +0 -97
- data/lib/resources/aws/aws_cloudtrail_trails.rb +0 -51
- data/lib/resources/aws/aws_cloudwatch_alarm.rb +0 -67
- data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +0 -105
- data/lib/resources/aws/aws_config_delivery_channel.rb +0 -74
- data/lib/resources/aws/aws_config_recorder.rb +0 -99
- data/lib/resources/aws/aws_ebs_volume.rb +0 -127
- data/lib/resources/aws/aws_ebs_volumes.rb +0 -69
- data/lib/resources/aws/aws_ec2_instance.rb +0 -162
- data/lib/resources/aws/aws_ec2_instances.rb +0 -69
- data/lib/resources/aws/aws_ecs_cluster.rb +0 -87
- data/lib/resources/aws/aws_eks_cluster.rb +0 -105
- data/lib/resources/aws/aws_elb.rb +0 -85
- data/lib/resources/aws/aws_elbs.rb +0 -84
- data/lib/resources/aws/aws_flow_log.rb +0 -106
- data/lib/resources/aws/aws_iam_access_key.rb +0 -112
- data/lib/resources/aws/aws_iam_access_keys.rb +0 -153
- data/lib/resources/aws/aws_iam_group.rb +0 -62
- data/lib/resources/aws/aws_iam_groups.rb +0 -56
- data/lib/resources/aws/aws_iam_password_policy.rb +0 -121
- data/lib/resources/aws/aws_iam_policies.rb +0 -57
- data/lib/resources/aws/aws_iam_policy.rb +0 -311
- data/lib/resources/aws/aws_iam_role.rb +0 -60
- data/lib/resources/aws/aws_iam_root_user.rb +0 -82
- data/lib/resources/aws/aws_iam_user.rb +0 -145
- data/lib/resources/aws/aws_iam_users.rb +0 -160
- data/lib/resources/aws/aws_kms_key.rb +0 -100
- data/lib/resources/aws/aws_kms_keys.rb +0 -58
- data/lib/resources/aws/aws_rds_instance.rb +0 -74
- data/lib/resources/aws/aws_route_table.rb +0 -67
- data/lib/resources/aws/aws_route_tables.rb +0 -64
- data/lib/resources/aws/aws_s3_bucket.rb +0 -141
- data/lib/resources/aws/aws_s3_bucket_object.rb +0 -87
- data/lib/resources/aws/aws_s3_buckets.rb +0 -52
- data/lib/resources/aws/aws_security_group.rb +0 -314
- data/lib/resources/aws/aws_security_groups.rb +0 -71
- data/lib/resources/aws/aws_sns_subscription.rb +0 -82
- data/lib/resources/aws/aws_sns_topic.rb +0 -57
- data/lib/resources/aws/aws_sns_topics.rb +0 -60
- data/lib/resources/aws/aws_sqs_queue.rb +0 -66
- data/lib/resources/aws/aws_subnet.rb +0 -92
- data/lib/resources/aws/aws_subnets.rb +0 -56
- data/lib/resources/aws/aws_vpc.rb +0 -77
- data/lib/resources/aws/aws_vpcs.rb +0 -55
- data/lib/resources/azure/azure_backend.rb +0 -379
- data/lib/resources/azure/azure_generic_resource.rb +0 -55
- data/lib/resources/azure/azure_resource_group.rb +0 -151
- data/lib/resources/azure/azure_virtual_machine.rb +0 -262
- data/lib/resources/azure/azure_virtual_machine_data_disk.rb +0 -131
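--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ec3da3f34b4db7ec19a7661f65e7214cae771a68eba365ccd34ef85b6da5e2db
+data.tar.gz: 5024a42c2edb346442afaa905feaeb2e13f71cdd05969ab9e6ea74a05e3784df
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7ff108068407dad28dcd691dd8d655a8ac06ed45ea8d9abb46e70f5faf5551068a88ca1d6c10d48fd5a4f5a1630d90d016c143abad19e1fd1b33683fece1f8b5
+data.tar.gz: 438f6855c469bc1bd975318bafacc9c847c94055bbdd4f27f06d36a4a20d040f1d37f6cc8921243f32cb27fccf3ec0e56a7ca4ef8cf2bf1704418a40885ea402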
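--- a/data/inspec.gemspec
+++ b/data/inspec.gemspec
@@ -13,7 +13,7 @@ Gem::Specification.new do |spec|
 spec.license = "Apache-2.0"
 spec.require_paths = ["lib"]
 
-spec.required_ruby_version = ">= 2.
+spec.required_ruby_version = ">= 2.7"
 
 # ONLY the aws/azure/gcp files. The rest will come in from inspec-core
 # the gemspec is necessary for appbundler so don't remove it
@@ -31,6 +31,9 @@ Gem::Specification.new do |spec|
 spec.add_dependency "cookstyle"
 spec.add_dependency "rake"
 
+# progress bar streaming reporter plugin support
+spec.add_dependency "progress_bar", "~> 1.3.3"
+
 # Used for Azure profile until integrated into train
 spec.add_dependency "faraday_middleware", ">= 0.12.2", "< 1.1"
 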
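Review bot: The `progress_bar` runtime dependency added in the second hunk is installed for every consumer of this gem, although its comment says it only supports one streaming reporter plugin. `~> 1.3.3` keeps it inside the 1.3.x series, which is tighter than the unconstrained `cookstyle` and `rake` entries just above it, but an install without a lockfile still resolves to whichever 1.3.x patch is newest at that moment. I would record the owner next to the line, e.g. `# runtime dependency of the inspec-streaming-reporter-progress-bar plugin only`, and check that the plugin requires the library only when that reporter is selected, so that a missing or broken copy cannot affect runs using other reporters. The `Gem::Specification.new` block starts and ends outside both hunks, so any other dependency changes are not visible here.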
@@ -0,0 +1,9 @@
|
|
1
|
+
# .gemspec file is added to add plugin details
|
2
|
+
# These specs are used in plugin list and search command
|
3
|
+
|
4
|
+
Gem::Specification.new do |spec|
|
5
|
+
spec.name = "inspec-artifact"
|
6
|
+
spec.summary = ""
|
7
|
+
spec.description = "Plugin to generate asymmetrical keys that you can use to encrypt profiles"
|
8
|
+
spec.license = "Apache-2.0"
|
9
|
+
end
|
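Review bot: The `spec.description` on new line 7 says the generated keys are used to "encrypt" profiles; if, as I understand the artifact commands, the key pair is used to sign and verify profile archives, this wording promises confidentiality the plugin does not provide. Since the header comment says these specs feed the plugin list and search output, I would describe the actual guarantee, for example `spec.description = "Plugin to generate key pairs and to sign and verify profiles"`, after confirming it against the plugin's commands. `spec.summary = ""` on line 6 is also empty, unlike the other plugin gemspecs added in this release, so a one-line summary should be filled in.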
@@ -0,0 +1,9 @@
|
|
1
|
+
# .gemspec file is added to add plugin details
|
2
|
+
# These specs are used in plugin list and search command
|
3
|
+
|
4
|
+
Gem::Specification.new do |spec|
|
5
|
+
spec.name = "inspec-compliance"
|
6
|
+
spec.summary = "Plugin to perform operations with Chef Automate"
|
7
|
+
spec.description = "This extensions will allow you to interact with Chef Automate"
|
8
|
+
spec.license = "Apache-2.0"
|
9
|
+
end
|
@@ -0,0 +1,9 @@
|
|
1
|
+
# .gemspec file is added to add plugin details
|
2
|
+
# These specs are used in plugin list and search command
|
3
|
+
|
4
|
+
Gem::Specification.new do |spec|
|
5
|
+
spec.name = "inspec-habitat"
|
6
|
+
spec.summary = "Plugin to create/upload habitat package"
|
7
|
+
spec.description = "This extensions will allow you to create/upload habitat package from an inspec profile."
|
8
|
+
spec.license = "Apache-2.0"
|
9
|
+
end
|
@@ -0,0 +1,9 @@
|
|
1
|
+
# .gemspec file is added to add plugin details
|
2
|
+
# These specs are used in plugin list and search command
|
3
|
+
|
4
|
+
Gem::Specification.new do |spec|
|
5
|
+
spec.name = "inspec-init"
|
6
|
+
spec.summary = "Plugin for scaffolding profile, plugin or a resource"
|
7
|
+
spec.description = "This extensions helps you to easily create a new profile, plugin or a resource."
|
8
|
+
spec.license = "Apache-2.0"
|
9
|
+
end
|
@@ -0,0 +1,10 @@
|
|
1
|
+
# .gemspec file is added to add plugin details
|
2
|
+
# These specs are used in plugin list and search command
|
3
|
+
|
4
|
+
Gem::Specification.new do |spec|
|
5
|
+
spec.name = "inspec-plugin-manager-cli"
|
6
|
+
spec.summary = "CLI plugin for InSpec"
|
7
|
+
spec.description = "This is a CLI plugin for InSpec. It uses the Plugins API v2 to create a
|
8
|
+
series of commands to manage plugins."
|
9
|
+
spec.license = "Apache-2.0"
|
10
|
+
end
|
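Review bot: The `spec.description` literal on new lines 7-8 is split across two source lines inside the quotes, so the value carries a literal newline (and any leading indentation of the second line) into whatever the plugin list and search commands print. Joining it with a continuation keeps the text on one logical line: `spec.description = "This is a CLI plugin for InSpec. It uses the Plugins API v2 to create a " \` followed by `"series of commands to manage plugins."`.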
@@ -0,0 +1,9 @@
|
|
1
|
+
# .gemspec file is added to add plugin details
|
2
|
+
# These specs are used in plugin list and search command
|
3
|
+
|
4
|
+
Gem::Specification.new do |spec|
|
5
|
+
spec.name = "inspec-reporter-html2"
|
6
|
+
spec.summary = "Improved HTML reporter plugin"
|
7
|
+
spec.description = "An improved HTML output reporter specifically for Chef InSpec. Unlike the default html reporter, which is RSpec-based, this reporter knows about Chef InSpec structures like Controls and Profiles, and includes full metadata such as control tags, etc."
|
8
|
+
spec.license = "Apache-2.0"
|
9
|
+
end
|
@@ -0,0 +1,9 @@
|
|
1
|
+
# .gemspec file is added to add plugin details
|
2
|
+
# These specs are used in plugin list and search command
|
3
|
+
|
4
|
+
Gem::Specification.new do |spec|
|
5
|
+
spec.name = "inspec-reporter-json-min"
|
6
|
+
spec.summary = "Json-min json reporter plugin"
|
7
|
+
spec.description = "This plugin provides the `json-min` reporter, which produces test output in JSON format with less detail than the `json` reporter."
|
8
|
+
spec.license = "Apache-2.0"
|
9
|
+
end
|
@@ -0,0 +1,9 @@
|
|
1
|
+
# .gemspec file is added to add plugin details
|
2
|
+
# These specs are used in plugin list and search command
|
3
|
+
|
4
|
+
Gem::Specification.new do |spec|
|
5
|
+
spec.name = "inspec-reporter-junit"
|
6
|
+
spec.summary = "JUnit XML reporter plugin"
|
7
|
+
spec.description = "`junit` is the legacy Chef InSpec JUnit reporter, which is retained for backwards compatibility. It generates an XML report in Apache Ant JUnit format. The output format is considered nonstandard in several ways. New users are advised to use `junit2`."
|
8
|
+
spec.license = "Apache-2.0"
|
9
|
+
end
|
@@ -0,0 +1,9 @@
|
|
1
|
+
# .gemspec file is added to add plugin details
|
2
|
+
# These specs are used in plugin list and search command
|
3
|
+
|
4
|
+
Gem::Specification.new do |spec|
|
5
|
+
spec.name = "inspec-streaming-reporter-progress-bar"
|
6
|
+
spec.summary = "Displays a real-time progress bar and control title as output"
|
7
|
+
spec.description = "This plugin is a streaming reporter plugin which shows the real-time progress of a running InSpec profile using a progress bar. It also outputs the ID of a running control with an indicator showing if the control has passed, failed or skipped."
|
8
|
+
spec.license = "Apache-2.0"
|
9
|
+
end
|
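--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec
 version: !ruby/object:Gem::Version
-version:
+version: 5.12.2
 platform: ruby
 authors:
 - Chef InSpec Team
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-
+date: 2022-04-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: inspec-core
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version:
+version: 5.12.2
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version:
+version: 5.12.2
 - !ruby/object:Gem::Dependency
 name: train
 requirement: !ruby/object:Gem::Requirement
@@ -66,6 +66,20 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
+- !ruby/object:Gem::Dependency
+name: progress_bar
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 1.3.3
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 1.3.3
 - !ruby/object:Gem::Dependency
 name: faraday_middleware
 requirement: !ruby/object:Gem::Requirement
@@ -154,6 +168,10 @@ extra_rdoc_files: []
 files:
 - Gemfile
 - inspec.gemspec
+- lib/plugins/inspec-artifact/inspec-artifact.gemspec
+- lib/plugins/inspec-compliance/inspec-compliance.gemspec
+- lib/plugins/inspec-habitat/inspec-habitat.gemspec
+- lib/plugins/inspec-init/inspec-init.gemspec
 - lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/Gemfile
 - lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/inspec-plugin-template.gemspec
 - lib/plugins/inspec-init/templates/profiles/aws/README.md
@@ -167,63 +185,11 @@ files:
 - lib/plugins/inspec-init/templates/profiles/gcp/controls/example.rb
 - lib/plugins/inspec-init/templates/profiles/gcp/inputs.yml
 - lib/plugins/inspec-init/templates/profiles/gcp/inspec.yml
-- lib/
-- lib/
-- lib/
-- lib/
-- lib/
-- lib/resource_support/aws/aws_singular_resource_mixin.rb
-- lib/resources/aws/aws_billing_report.rb
-- lib/resources/aws/aws_billing_reports.rb
-- lib/resources/aws/aws_cloudtrail_trail.rb
-- lib/resources/aws/aws_cloudtrail_trails.rb
-- lib/resources/aws/aws_cloudwatch_alarm.rb
-- lib/resources/aws/aws_cloudwatch_log_metric_filter.rb
-- lib/resources/aws/aws_config_delivery_channel.rb
-- lib/resources/aws/aws_config_recorder.rb
-- lib/resources/aws/aws_ebs_volume.rb
-- lib/resources/aws/aws_ebs_volumes.rb
-- lib/resources/aws/aws_ec2_instance.rb
-- lib/resources/aws/aws_ec2_instances.rb
-- lib/resources/aws/aws_ecs_cluster.rb
-- lib/resources/aws/aws_eks_cluster.rb
-- lib/resources/aws/aws_elb.rb
-- lib/resources/aws/aws_elbs.rb
-- lib/resources/aws/aws_flow_log.rb
-- lib/resources/aws/aws_iam_access_key.rb
-- lib/resources/aws/aws_iam_access_keys.rb
-- lib/resources/aws/aws_iam_group.rb
-- lib/resources/aws/aws_iam_groups.rb
-- lib/resources/aws/aws_iam_password_policy.rb
-- lib/resources/aws/aws_iam_policies.rb
-- lib/resources/aws/aws_iam_policy.rb
-- lib/resources/aws/aws_iam_role.rb
-- lib/resources/aws/aws_iam_root_user.rb
-- lib/resources/aws/aws_iam_user.rb
-- lib/resources/aws/aws_iam_users.rb
-- lib/resources/aws/aws_kms_key.rb
-- lib/resources/aws/aws_kms_keys.rb
-- lib/resources/aws/aws_rds_instance.rb
-- lib/resources/aws/aws_route_table.rb
-- lib/resources/aws/aws_route_tables.rb
-- lib/resources/aws/aws_s3_bucket.rb
-- lib/resources/aws/aws_s3_bucket_object.rb
-- lib/resources/aws/aws_s3_buckets.rb
-- lib/resources/aws/aws_security_group.rb
-- lib/resources/aws/aws_security_groups.rb
-- lib/resources/aws/aws_sns_subscription.rb
-- lib/resources/aws/aws_sns_topic.rb
-- lib/resources/aws/aws_sns_topics.rb
-- lib/resources/aws/aws_sqs_queue.rb
-- lib/resources/aws/aws_subnet.rb
-- lib/resources/aws/aws_subnets.rb
-- lib/resources/aws/aws_vpc.rb
-- lib/resources/aws/aws_vpcs.rb
-- lib/resources/azure/azure_backend.rb
-- lib/resources/azure/azure_generic_resource.rb
-- lib/resources/azure/azure_resource_group.rb
-- lib/resources/azure/azure_virtual_machine.rb
-- lib/resources/azure/azure_virtual_machine_data_disk.rb
+- lib/plugins/inspec-plugin-manager-cli/inspec-plugin-manager-cli.gemspec
+- lib/plugins/inspec-reporter-html2/inspec-reporter-html2.gemspec
+- lib/plugins/inspec-reporter-json-min/inspec-reporter-json-min.gemspec
+- lib/plugins/inspec-reporter-junit/inspec-reporter-junit.gemspec
+- lib/plugins/inspec-streaming-reporter-progress-bar/inspec-streaming-reporter-progress-bar.gemspec
 homepage: https://github.com/inspec/inspec
 licenses:
 - Apache-2.0
@@ -236,7 +202,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: '2.
+version: '2.7'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="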
@@ -1,12 +0,0 @@
|
|
1
|
-
class AwsBackendBase
|
2
|
-
attr_reader :aws_transport
|
3
|
-
class << self; attr_accessor :aws_client_class end
|
4
|
-
|
5
|
-
def initialize(inspec = nil)
|
6
|
-
@aws_transport = inspec ? inspec.backend : nil
|
7
|
-
end
|
8
|
-
|
9
|
-
def aws_service_client
|
10
|
-
aws_transport.aws_client(self.class.aws_client_class)
|
11
|
-
end
|
12
|
-
end
|
@@ -1,24 +0,0 @@
|
|
1
|
-
require "resource_support/aws/aws_resource_mixin"
|
2
|
-
require "resource_support/aws/aws_backend_factory_mixin"
|
3
|
-
|
4
|
-
module AwsPluralResourceMixin
|
5
|
-
include AwsResourceMixin
|
6
|
-
attr_reader :table
|
7
|
-
|
8
|
-
# This sets up a class, AwsSomeResource::BackendFactory, that
|
9
|
-
# provides a mechanism to create and use backends without
|
10
|
-
# having to know which is selected. This is mainly used for
|
11
|
-
# unit testing.
|
12
|
-
# TODO: DRY up. This code exists in both the Singular and Plural mixins.
|
13
|
-
# We'd like to put it in AwsResourceMixin, but included only sees the
|
14
|
-
# directly-including class - we can't see second-order includers.
|
15
|
-
def self.included(base)
|
16
|
-
# Create a new class, whose body is simply to extend the
|
17
|
-
# backend factory mixin
|
18
|
-
resource_backend_factory_class = Class.new(Object) do
|
19
|
-
extend AwsBackendFactoryMixin
|
20
|
-
end
|
21
|
-
# Name that class
|
22
|
-
base.const_set("BackendFactory", resource_backend_factory_class)
|
23
|
-
end
|
24
|
-
end
|
@@ -1,69 +0,0 @@
|
|
1
|
-
module AwsResourceMixin
|
2
|
-
def initialize(resource_params = {})
|
3
|
-
Inspec.deprecate(:aws_resources_in_resource_pack,
|
4
|
-
"Resource '#{@__resource_name__ ||= self.class.to_s}'")
|
5
|
-
validate_params(resource_params).each do |param, value|
|
6
|
-
instance_variable_set(:"@#{param}", value)
|
7
|
-
end
|
8
|
-
catch_aws_errors do
|
9
|
-
fetch_from_api
|
10
|
-
end
|
11
|
-
rescue ArgumentError => e
|
12
|
-
# continue with ArgumentError if testing
|
13
|
-
raise unless respond_to?(:inspec) && inspec
|
14
|
-
|
15
|
-
raise Inspec::Exceptions::ResourceFailed, e.message
|
16
|
-
end
|
17
|
-
|
18
|
-
# Default implementation of validate params accepts everything.
|
19
|
-
def validate_params(resource_params)
|
20
|
-
resource_params
|
21
|
-
end
|
22
|
-
|
23
|
-
def check_resource_param_names(raw_params: {}, allowed_params: [], allowed_scalar_name: nil, allowed_scalar_type: nil)
|
24
|
-
# Some resources allow passing in a single ID value. Check and convert to hash if so.
|
25
|
-
if allowed_scalar_name && !raw_params.is_a?(Hash)
|
26
|
-
value_seen = raw_params
|
27
|
-
if value_seen.is_a?(allowed_scalar_type)
|
28
|
-
raw_params = { allowed_scalar_name => value_seen }
|
29
|
-
else
|
30
|
-
raise ArgumentError, "If you pass a single value to the resource, it must " \
|
31
|
-
"be a #{allowed_scalar_type}, not an #{value_seen.class}."
|
32
|
-
end
|
33
|
-
end
|
34
|
-
|
35
|
-
# Remove all expected params from the raw param hash
|
36
|
-
recognized_params = {}
|
37
|
-
allowed_params.each do |expected_param|
|
38
|
-
recognized_params[expected_param] = raw_params.delete(expected_param) if raw_params.key?(expected_param)
|
39
|
-
end
|
40
|
-
|
41
|
-
# Any leftovers are unwelcome
|
42
|
-
unless raw_params.empty?
|
43
|
-
raise ArgumentError, "Unrecognized resource param '#{raw_params.keys.first}'. Expected parameters: #{allowed_params.join(", ")}"
|
44
|
-
end
|
45
|
-
|
46
|
-
recognized_params
|
47
|
-
end
|
48
|
-
|
49
|
-
def inspec_runner
|
50
|
-
# When running under inspec-cli, we have an 'inspec' method that
|
51
|
-
# returns the runner. When running under unit tests, we don't
|
52
|
-
# have that, but we still have to call this to pass something
|
53
|
-
# (nil is OK) to the backend.
|
54
|
-
# TODO: remove with https://github.com/chef/inspec-aws/issues/216
|
55
|
-
inspec if respond_to?(:inspec)
|
56
|
-
end
|
57
|
-
|
58
|
-
# Intercept AWS exceptions
|
59
|
-
def catch_aws_errors
|
60
|
-
yield
|
61
|
-
rescue Aws::Errors::MissingCredentialsError
|
62
|
-
# The AWS error here is unhelpful:
|
63
|
-
# "unable to sign request without credentials set"
|
64
|
-
Inspec::Log.error "It appears that you have not set your AWS credentials. You may set them using environment variables, or using the 'aws://region/aws_credentials_profile' target. See https://docs.chef.io/inspec/platforms/ for details."
|
65
|
-
fail_resource("No AWS credentials available")
|
66
|
-
rescue Aws::Errors::ServiceError => e
|
67
|
-
fail_resource e.message
|
68
|
-
end
|
69
|
-
end
|
@@ -1,27 +0,0 @@
|
|
1
|
-
require "resource_support/aws/aws_resource_mixin"
|
2
|
-
require "resource_support/aws/aws_backend_factory_mixin"
|
3
|
-
|
4
|
-
module AwsSingularResourceMixin
|
5
|
-
include AwsResourceMixin
|
6
|
-
|
7
|
-
def exists?
|
8
|
-
@exists
|
9
|
-
end
|
10
|
-
|
11
|
-
# This sets up a class, AwsSomeResource::BackendFactory, that
|
12
|
-
# provides a mechanism to create and use backends without
|
13
|
-
# having to know which is selected. This is mainly used for
|
14
|
-
# unit testing.
|
15
|
-
# TODO: DRY up. This code exists in both the Singular and Plural mixins.
|
16
|
-
# We'd like to put it in AwsResourceMixin, but included only sees the
|
17
|
-
# directly-including class - we can't see second-order includers.
|
18
|
-
def self.included(base)
|
19
|
-
# Create a new class, whose body is simply to extend the
|
20
|
-
# backend factory mixin
|
21
|
-
resource_backend_factory_class = Class.new(Object) do
|
22
|
-
extend AwsBackendFactoryMixin
|
23
|
-
end
|
24
|
-
# Name that class
|
25
|
-
base.const_set("BackendFactory", resource_backend_factory_class)
|
26
|
-
end
|
27
|
-
end
|
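--- a/data/lib/resource_support/aws.rb
+++ /dev/null
@@ -1,76 +0,0 @@
-# Main AWS loader file. The intent is for this to be
-# loaded only if AWS resources are needed.
-
-require "aws-sdk-core"
-
-require "aws-sdk-cloudtrail"
-require "aws-sdk-cloudwatch"
-require "aws-sdk-cloudwatchlogs"
-require "aws-sdk-costandusagereportservice"
-require "aws-sdk-configservice"
-require "aws-sdk-ec2"
-require "aws-sdk-ecs"
-require "aws-sdk-eks"
-require "aws-sdk-elasticloadbalancing"
-require "aws-sdk-iam"
-require "aws-sdk-kms"
-require "aws-sdk-rds"
-require "aws-sdk-s3"
-require "aws-sdk-sqs"
-require "aws-sdk-sns"
-
-require "resource_support/aws/aws_backend_factory_mixin"
-require "resource_support/aws/aws_resource_mixin"
-require "resource_support/aws/aws_singular_resource_mixin"
-require "resource_support/aws/aws_plural_resource_mixin"
-require "resource_support/aws/aws_backend_base"
-
-# Load all AWS resources
-# TODO: loop over and load entire directory
-# for f in ls lib/resources/aws/*; do t=$(echo $f | cut -c 5- | cut -f1 -d. ); echo "require '${t}'"; done
-require "resources/aws/aws_billing_report"
-require "resources/aws/aws_billing_reports"
-require "resources/aws/aws_cloudtrail_trail"
-require "resources/aws/aws_cloudtrail_trails"
-require "resources/aws/aws_cloudwatch_alarm"
-require "resources/aws/aws_cloudwatch_log_metric_filter"
-require "resources/aws/aws_config_delivery_channel"
-require "resources/aws/aws_config_recorder"
-require "resources/aws/aws_ec2_instance"
-require "resources/aws/aws_ebs_volume"
-require "resources/aws/aws_ebs_volumes"
-require "resources/aws/aws_flow_log"
-require "resources/aws/aws_ec2_instances"
-require "resources/aws/aws_ecs_cluster"
-require "resources/aws/aws_eks_cluster"
-require "resources/aws/aws_elb"
-require "resources/aws/aws_elbs"
-require "resources/aws/aws_iam_access_key"
-require "resources/aws/aws_iam_access_keys"
-require "resources/aws/aws_iam_group"
-require "resources/aws/aws_iam_groups"
-require "resources/aws/aws_iam_password_policy"
-require "resources/aws/aws_iam_policies"
-require "resources/aws/aws_iam_policy"
-require "resources/aws/aws_iam_role"
-require "resources/aws/aws_iam_root_user"
-require "resources/aws/aws_iam_user"
-require "resources/aws/aws_iam_users"
-require "resources/aws/aws_kms_key"
-require "resources/aws/aws_kms_keys"
-require "resources/aws/aws_rds_instance"
-require "resources/aws/aws_route_table"
-require "resources/aws/aws_route_tables"
-require "resources/aws/aws_s3_bucket"
-require "resources/aws/aws_s3_bucket_object"
-require "resources/aws/aws_s3_buckets"
-require "resources/aws/aws_security_group"
-require "resources/aws/aws_security_groups"
-require "resources/aws/aws_sns_subscription"
-require "resources/aws/aws_sns_topic"
-require "resources/aws/aws_sns_topics"
-require "resources/aws/aws_sqs_queue"
-require "resources/aws/aws_subnet"
-require "resources/aws/aws_subnets"
-require "resources/aws/aws_vpc"
-require "resources/aws/aws_vpcs"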
@@ -1,105 +0,0 @@
|
|
1
|
-
require "resource_support/aws/aws_singular_resource_mixin"
|
2
|
-
require "resource_support/aws/aws_backend_base"
|
3
|
-
|
4
|
-
require "aws-sdk-costandusagereportservice"
|
5
|
-
|
6
|
-
class AwsBillingReport < Inspec.resource(1)
|
7
|
-
name "aws_billing_report"
|
8
|
-
supports platform: "aws"
|
9
|
-
desc "Verifies settings for AWS Cost and Billing Reports."
|
10
|
-
example <<~EXAMPLE
|
11
|
-
describe aws_billing_report('inspec1') do
|
12
|
-
its('report_name') { should cmp 'inspec1' }
|
13
|
-
its('time_unit') { should cmp 'hourly' }
|
14
|
-
end
|
15
|
-
|
16
|
-
describe aws_billing_report(report: 'inspec1') do
|
17
|
-
it { should exist }
|
18
|
-
end
|
19
|
-
EXAMPLE
|
20
|
-
|
21
|
-
include AwsSingularResourceMixin
|
22
|
-
|
23
|
-
attr_reader :report_name, :time_unit, :format, :compression, :s3_bucket,
|
24
|
-
:s3_prefix, :s3_region
|
25
|
-
|
26
|
-
def to_s
|
27
|
-
"AWS Billing Report #{report_name}"
|
28
|
-
end
|
29
|
-
|
30
|
-
def hourly?
|
31
|
-
exists? ? time_unit.eql?("hourly") : nil
|
32
|
-
end
|
33
|
-
|
34
|
-
def daily?
|
35
|
-
exists? ? time_unit.eql?("daily") : nil
|
36
|
-
end
|
37
|
-
|
38
|
-
def zip?
|
39
|
-
exists? ? compression.eql?("zip") : nil
|
40
|
-
end
|
41
|
-
|
42
|
-
def gzip?
|
43
|
-
exists? ? compression.eql?("gzip") : nil
|
44
|
-
end
|
45
|
-
|
46
|
-
private
|
47
|
-
|
48
|
-
def validate_params(raw_params)
|
49
|
-
validated_params = check_resource_param_names(
|
50
|
-
raw_params: raw_params,
|
51
|
-
allowed_params: [:report_name],
|
52
|
-
allowed_scalar_name: :report_name,
|
53
|
-
allowed_scalar_type: String
|
54
|
-
)
|
55
|
-
|
56
|
-
if validated_params.empty?
|
57
|
-
raise ArgumentError, "You must provide the parameter 'report_name' to aws_billing_report."
|
58
|
-
end
|
59
|
-
|
60
|
-
validated_params
|
61
|
-
end
|
62
|
-
|
63
|
-
def fetch_from_api
|
64
|
-
report = find_report(report_name)
|
65
|
-
@exists = !report.nil?
|
66
|
-
if exists?
|
67
|
-
@time_unit = report.time_unit.downcase
|
68
|
-
@format = report.format.downcase
|
69
|
-
@compression = report.compression.downcase
|
70
|
-
@s3_bucket = report.s3_bucket
|
71
|
-
@s3_prefix = report.s3_prefix
|
72
|
-
@s3_region = report.s3_region
|
73
|
-
end
|
74
|
-
end
|
75
|
-
|
76
|
-
def find_report(report_name)
|
77
|
-
pagination_opts = {}
|
78
|
-
found_report_def = nil
|
79
|
-
while found_report_def.nil?
|
80
|
-
api_result = backend.describe_report_definitions(pagination_opts)
|
81
|
-
next_token = api_result.next_token
|
82
|
-
found_report_def = api_result.report_definitions.find { |report_def| report_def.report_name == report_name }
|
83
|
-
pagination_opts = { next_token: next_token }
|
84
|
-
|
85
|
-
next if found_report_def.nil? && next_token # Loop again: didn't find it, but there are more results
|
86
|
-
break if found_report_def.nil? && next_token.nil? # Give up: didn't find it, no more results
|
87
|
-
end
|
88
|
-
found_report_def
|
89
|
-
end
|
90
|
-
|
91
|
-
def backend
|
92
|
-
@backend ||= BackendFactory.create(inspec_runner)
|
93
|
-
end
|
94
|
-
|
95
|
-
class Backend
|
96
|
-
class AwsClientApi < AwsBackendBase
|
97
|
-
AwsBillingReport::BackendFactory.set_default_backend(self)
|
98
|
-
self.aws_client_class = Aws::CostandUsageReportService::Client
|
99
|
-
|
100
|
-
def describe_report_definitions(query = {})
|
101
|
-
aws_service_client.describe_report_definitions(query)
|
102
|
-
end
|
103
|
-
end
|
104
|
-
end
|
105
|
-
end
|