RubyGems - inspec - Versions diffs - 4.56.19 → 5.7.9 - Mend

inspec 4.56.19 → 5.7.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (61) hide show

checksums.yaml +4 -4
data/inspec.gemspec +4 -1
data/lib/plugins/inspec-init/templates/profiles/aws/inspec.yml +1 -1
metadata +19 -62
data/lib/resource_support/aws/aws_backend_base.rb +0 -12
data/lib/resource_support/aws/aws_backend_factory_mixin.rb +0 -12
data/lib/resource_support/aws/aws_plural_resource_mixin.rb +0 -24
data/lib/resource_support/aws/aws_resource_mixin.rb +0 -69
data/lib/resource_support/aws/aws_singular_resource_mixin.rb +0 -27
data/lib/resource_support/aws.rb +0 -76
data/lib/resources/aws/aws_billing_report.rb +0 -105
data/lib/resources/aws/aws_billing_reports.rb +0 -74
data/lib/resources/aws/aws_cloudtrail_trail.rb +0 -97
data/lib/resources/aws/aws_cloudtrail_trails.rb +0 -51
data/lib/resources/aws/aws_cloudwatch_alarm.rb +0 -67
data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +0 -105
data/lib/resources/aws/aws_config_delivery_channel.rb +0 -74
data/lib/resources/aws/aws_config_recorder.rb +0 -99
data/lib/resources/aws/aws_ebs_volume.rb +0 -127
data/lib/resources/aws/aws_ebs_volumes.rb +0 -69
data/lib/resources/aws/aws_ec2_instance.rb +0 -162
data/lib/resources/aws/aws_ec2_instances.rb +0 -69
data/lib/resources/aws/aws_ecs_cluster.rb +0 -87
data/lib/resources/aws/aws_eks_cluster.rb +0 -105
data/lib/resources/aws/aws_elb.rb +0 -85
data/lib/resources/aws/aws_elbs.rb +0 -84
data/lib/resources/aws/aws_flow_log.rb +0 -106
data/lib/resources/aws/aws_iam_access_key.rb +0 -112
data/lib/resources/aws/aws_iam_access_keys.rb +0 -153
data/lib/resources/aws/aws_iam_group.rb +0 -62
data/lib/resources/aws/aws_iam_groups.rb +0 -56
data/lib/resources/aws/aws_iam_password_policy.rb +0 -121
data/lib/resources/aws/aws_iam_policies.rb +0 -57
data/lib/resources/aws/aws_iam_policy.rb +0 -311
data/lib/resources/aws/aws_iam_role.rb +0 -60
data/lib/resources/aws/aws_iam_root_user.rb +0 -82
data/lib/resources/aws/aws_iam_user.rb +0 -145
data/lib/resources/aws/aws_iam_users.rb +0 -160
data/lib/resources/aws/aws_kms_key.rb +0 -100
data/lib/resources/aws/aws_kms_keys.rb +0 -58
data/lib/resources/aws/aws_rds_instance.rb +0 -74
data/lib/resources/aws/aws_route_table.rb +0 -67
data/lib/resources/aws/aws_route_tables.rb +0 -64
data/lib/resources/aws/aws_s3_bucket.rb +0 -141
data/lib/resources/aws/aws_s3_bucket_object.rb +0 -87
data/lib/resources/aws/aws_s3_buckets.rb +0 -52
data/lib/resources/aws/aws_security_group.rb +0 -314
data/lib/resources/aws/aws_security_groups.rb +0 -71
data/lib/resources/aws/aws_sns_subscription.rb +0 -82
data/lib/resources/aws/aws_sns_topic.rb +0 -57
data/lib/resources/aws/aws_sns_topics.rb +0 -60
data/lib/resources/aws/aws_sqs_queue.rb +0 -66
data/lib/resources/aws/aws_subnet.rb +0 -92
data/lib/resources/aws/aws_subnets.rb +0 -56
data/lib/resources/aws/aws_vpc.rb +0 -77
data/lib/resources/aws/aws_vpcs.rb +0 -55
data/lib/resources/azure/azure_backend.rb +0 -379
data/lib/resources/azure/azure_generic_resource.rb +0 -55
data/lib/resources/azure/azure_resource_group.rb +0 -151
data/lib/resources/azure/azure_virtual_machine.rb +0 -262
data/lib/resources/azure/azure_virtual_machine_data_disk.rb +0 -131

data/lib/resources/aws/aws_iam_users.rb DELETED Viewed

@@ -1,160 +0,0 @@
-require "resource_support/aws/aws_plural_resource_mixin"
-require "resource_support/aws/aws_backend_base"
-require "aws-sdk-iam"
-class AwsIamUsers < Inspec.resource(1)
-  name "aws_iam_users"
-  desc "Verifies settings for AWS IAM users"
-  example <<~EXAMPLE
-    describe aws_iam_users.where(has_mfa_enabled?: false) do
-      it { should_not exist }
-    end
-    describe aws_iam_users.where(has_console_password?: true) do
-      it { should exist }
-    end
-    describe aws_iam_users.where(has_inline_policies?: true) do
-      it { should_not exist }
-    end
-    describe aws_iam_users.where(has_attached_policies?: true) do
-      it { should_not exist }
-    end
-  EXAMPLE
-  supports platform: "aws"
-  include AwsPluralResourceMixin
-  def self.lazy_get_login_profile(row, _criterion, table)
-    backend = BackendFactory.create(table.resource.inspec_runner)
-    begin
-      _login_profile = backend.get_login_profile(user_name: row[:user_name])
-      row[:has_console_password] = true
-    rescue Aws::IAM::Errors::NoSuchEntity
-      row[:has_console_password] = false
-    end
-    row[:has_console_password?] = row[:has_console_password]
-  end
-  def self.lazy_list_mfa_devices(row, _criterion, table)
-    backend = BackendFactory.create(table.resource.inspec_runner)
-    begin
-      aws_mfa_devices = backend.list_mfa_devices(user_name: row[:user_name])
-      row[:has_mfa_enabled] = !aws_mfa_devices.mfa_devices.empty?
-    rescue Aws::IAM::Errors::NoSuchEntity
-      row[:has_mfa_enabled] = false
-    end
-    row[:has_mfa_enabled?] = row[:has_mfa_enabled]
-  end
-  def self.lazy_list_user_policies(row, _criterion, table)
-    backend = BackendFactory.create(table.resource.inspec_runner)
-    row[:inline_policy_names] = backend.list_user_policies(user_name: row[:user_name]).policy_names
-    row[:has_inline_policies] = !row[:inline_policy_names].empty?
-    row[:has_inline_policies?] = row[:has_inline_policies]
-  end
-  def self.lazy_list_attached_policies(row, _criterion, table)
-    backend = BackendFactory.create(table.resource.inspec_runner)
-    attached_policies = backend.list_attached_user_policies(user_name: row[:user_name]).attached_policies
-    row[:has_attached_policies] = !attached_policies.empty?
-    row[:has_attached_policies?] = row[:has_attached_policies]
-    row[:attached_policy_names] = attached_policies.map { |p| p[:policy_name] }
-    row[:attached_policy_arns] = attached_policies.map { |p| p[:policy_arn] }
-  end
-  filter = FilterTable.create
-  # These are included on the initial fetch
-  filter.register_column(:usernames, field: :user_name)
-    .register_column(:username) { |res| res.entries.map { |row| row[:user_name] } } # We should deprecate this; plural resources get plural properties
-    .register_column(:password_ever_used?, field: :password_ever_used?)
-    .register_column(:password_never_used?, field: :password_never_used?)
-    .register_column(:password_last_used_days_ago, field: :password_last_used_days_ago)
-  # Remaining properties / criteria are handled lazily, grouped by fetcher
-  filter.register_column(:has_console_password?, field: :has_console_password?, lazy: method(:lazy_get_login_profile))
-    .register_column(:has_console_password, field: :has_console_password, lazy: method(:lazy_get_login_profile))
-  filter.register_column(:has_mfa_enabled?, field: :has_mfa_enabled?, lazy: method(:lazy_list_mfa_devices))
-    .register_column(:has_mfa_enabled, field: :has_mfa_enabled, lazy: method(:lazy_list_mfa_devices))
-  filter.register_column(:has_inline_policies?, field: :has_inline_policies?, lazy: method(:lazy_list_user_policies))
-    .register_column(:has_inline_policies, field: :has_inline_policies, lazy: method(:lazy_list_user_policies))
-    .register_column(:inline_policy_names, field: :inline_policy_names, style: :simple, lazy: method(:lazy_list_user_policies))
-  filter.register_column(:has_attached_policies?, field: :has_attached_policies?, lazy: method(:lazy_list_attached_policies))
-    .register_column(:has_attached_policies, field: :has_attached_policies, lazy: method(:lazy_list_attached_policies))
-    .register_column(:attached_policy_names, field: :attached_policy_names, style: :simple, lazy: method(:lazy_list_attached_policies))
-    .register_column(:attached_policy_arns, field: :attached_policy_arns, style: :simple, lazy: method(:lazy_list_attached_policies))
-  filter.install_filter_methods_on_resource(self, :table)
-  def validate_params(raw_params)
-    # No params yet
-    unless raw_params.empty?
-      raise ArgumentError, "aws_iam_users does not accept resource parameters"
-    end
-    raw_params
-  end
-  def fetch_from_api_paginated(backend)
-    table = []
-    page_marker = nil
-    loop do
-      api_result = backend.list_users(marker: page_marker)
-      table += api_result.users.map(&:to_h)
-      page_marker = api_result.marker
-      break unless api_result.is_truncated
-    end
-    table
-  end
-  def fetch_from_api
-    backend = BackendFactory.create(inspec_runner)
-    @table = fetch_from_api_paginated(backend)
-    @table.each do |user|
-      password_last_used = user[:password_last_used]
-      user[:password_ever_used?] = !password_last_used.nil?
-      user[:password_never_used?] = password_last_used.nil?
-      if user[:password_ever_used?]
-        user[:password_last_used_days_ago] = ((Time.now - password_last_used) / (24 * 60 * 60)).to_i
-      end
-    end
-    @table
-  end
-  def to_s
-    "IAM Users"
-  end
-  #===========================================================================#
-  #                        Backend Implementation
-  #===========================================================================#
-  class Backend
-    class AwsClientApi < AwsBackendBase
-      BackendFactory.set_default_backend(self)
-      self.aws_client_class = Aws::IAM::Client
-      # TODO: delegate this out
-      def list_users(query = {})
-        aws_service_client.list_users(query)
-      end
-      def get_login_profile(query)
-        aws_service_client.get_login_profile(query)
-      end
-      def list_mfa_devices(query)
-        aws_service_client.list_mfa_devices(query)
-      end
-      def list_user_policies(query)
-        aws_service_client.list_user_policies(query)
-      end
-      def list_attached_user_policies(query)
-        aws_service_client.list_attached_user_policies(query)
-      end
-    end
-  end
-end

data/lib/resources/aws/aws_kms_key.rb DELETED Viewed

@@ -1,100 +0,0 @@
-require "resource_support/aws/aws_singular_resource_mixin"
-require "resource_support/aws/aws_backend_base"
-require "aws-sdk-kms"
-class AwsKmsKey < Inspec.resource(1)
-  name "aws_kms_key"
-  desc "Verifies settings for an individual AWS KMS Key"
-  example <<~EXAMPLE
-    describe aws_kms_key('arn:aws:kms:us-east-1::key/4321dcba-21io-23de-85he-ab0987654321') do
-      it { should exist }
-    end
-  EXAMPLE
-  supports platform: "aws"
-  include AwsSingularResourceMixin
-  attr_reader :key_id, :arn, :creation_date, :key_usage, :key_state, :description,
-              :deletion_date, :valid_to, :external, :has_key_expiration, :managed_by_aws,
-              :has_rotation_enabled, :enabled
-  # Use aliases for matchers
-  alias deletion_time deletion_date
-  alias invalidation_time valid_to
-  alias external? external
-  alias enabled? enabled
-  alias managed_by_aws? managed_by_aws
-  alias has_key_expiration? has_key_expiration
-  alias has_rotation_enabled? has_rotation_enabled
-  def to_s
-    "KMS Key #{@key_id}"
-  end
-  def created_days_ago
-    ((Time.now - creation_date) / (24 * 60 * 60)).to_i unless creation_date.nil?
-  end
-  private
-  def validate_params(raw_params)
-    validated_params = check_resource_param_names(
-      raw_params: raw_params,
-      allowed_params: [:key_id],
-      allowed_scalar_name: :key_id,
-      allowed_scalar_type: String
-    )
-    if validated_params.empty?
-      raise ArgumentError, "You must provide the parameter 'key_id' to aws_kms_key."
-    end
-    validated_params
-  end
-  def fetch_from_api
-    backend = BackendFactory.create(inspec_runner)
-    query = { key_id: @key_id }
-    catch_aws_errors do
-      resp = backend.describe_key(query)
-      @exists = true
-      @key = resp.key_metadata.to_h
-      @key_id = @key[:key_id]
-      @arn = @key[:arn]
-      @creation_date = @key[:creation_date]
-      @enabled = @key[:enabled]
-      @description = @key[:description]
-      @key_usage = @key[:key_usage]
-      @key_state = @key[:key_state]
-      @deletion_date = @key[:deletion_date]
-      @valid_to = @key[:valid_to]
-      @external = @key[:origin] == "EXTERNAL"
-      @has_key_expiration = @key[:expiration_model] == "KEY_MATERIAL_EXPIRES"
-      @managed_by_aws = @key[:key_manager] == "AWS"
-      resp = backend.get_key_rotation_status(query)
-      @has_rotation_enabled = resp.key_rotation_enabled unless resp.empty?
-    rescue Aws::KMS::Errors::NotFoundException
-      @exists = false
-      return
-    end
-  end
-  class Backend
-    class AwsClientApi < AwsBackendBase
-      BackendFactory.set_default_backend(self)
-      self.aws_client_class = Aws::KMS::Client
-      def describe_key(query)
-        aws_service_client.describe_key(query)
-      end
-      def get_key_rotation_status(query)
-        aws_service_client.get_key_rotation_status(query)
-      end
-    end
-  end
-end

data/lib/resources/aws/aws_kms_keys.rb DELETED Viewed

@@ -1,58 +0,0 @@
-require "resource_support/aws/aws_plural_resource_mixin"
-require "resource_support/aws/aws_backend_base"
-require "aws-sdk-kms"
-class AwsKmsKeys < Inspec.resource(1)
-  name "aws_kms_keys"
-  desc "Verifies settings for AWS KMS Keys in bulk"
-  example <<~EXAMPLE
-    describe aws_kms_keys do
-      it { should exist }
-    end
-  EXAMPLE
-  supports platform: "aws"
-  include AwsPluralResourceMixin
-  def validate_params(resource_params)
-    unless resource_params.empty?
-      raise ArgumentError, "aws_kms_keys does not accept resource parameters."
-    end
-    resource_params
-  end
-  # Underlying FilterTable implementation.
-  filter = FilterTable.create
-  filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
-  filter.register_column(:key_arns, field: :key_arn)
-    .register_column(:key_ids, field: :key_id)
-  filter.install_filter_methods_on_resource(self, :table)
-  def to_s
-    "KMS Keys"
-  end
-  def fetch_from_api
-    backend = BackendFactory.create(inspec_runner)
-    @table = []
-    pagination_opts = { limit: 1000 }
-    loop do
-      api_result = backend.list_keys(pagination_opts)
-      @table += api_result.keys.map(&:to_h)
-      break unless api_result.truncated
-      pagination_opts = { marker: api_result.next_marker }
-    end
-  end
-  class Backend
-    class AwsClientApi < AwsBackendBase
-      BackendFactory.set_default_backend(self)
-      self.aws_client_class = Aws::KMS::Client
-      def list_keys(query = {})
-        aws_service_client.list_keys(query)
-      end
-    end
-  end
-end

data/lib/resources/aws/aws_rds_instance.rb DELETED Viewed

@@ -1,74 +0,0 @@
-require "resource_support/aws/aws_singular_resource_mixin"
-require "resource_support/aws/aws_backend_base"
-require "aws-sdk-rds"
-class AwsRdsInstance < Inspec.resource(1)
-  name "aws_rds_instance"
-  desc "Verifies settings for an rds instance"
-  example <<~EXAMPLE
-    describe aws_rds_instance(db_instance_identifier: 'test-instance-id') do
-      it { should exist }
-    end
-  EXAMPLE
-  supports platform: "aws"
-  include AwsSingularResourceMixin
-  attr_reader :db_instance_identifier
-  def to_s
-    "RDS Instance #{@db_instance_identifier}"
-  end
-  private
-  def validate_params(raw_params)
-    validated_params = check_resource_param_names(
-      raw_params: raw_params,
-      allowed_params: [:db_instance_identifier],
-      allowed_scalar_name: :db_instance_identifier,
-      allowed_scalar_type: String
-    )
-    if validated_params.empty? || !validated_params.key?(:db_instance_identifier)
-      raise ArgumentError, "You must provide an id for the aws_rds_instance."
-    end
-    if validated_params.key?(:db_instance_identifier) && validated_params[:db_instance_identifier] !~ /^[a-z]{1}[0-9a-z\-]{0,62}$/
-      raise ArgumentError, "aws_rds_instance Database Instance ID must be in the format: start with a letter followed by up to 62 letters/numbers/hyphens."
-    end
-    validated_params
-  end
-  def fetch_from_api
-    backend = BackendFactory.create(inspec_runner)
-    dsg_response = nil
-    catch_aws_errors do
-      dsg_response = backend.describe_db_instances(db_instance_identifier: db_instance_identifier)
-      @exists = true
-    rescue Aws::RDS::Errors::DBInstanceNotFound
-      @exists = false
-      return
-    end
-    if dsg_response.db_instances.empty?
-      @exists = false
-      return
-    end
-    @db_instance_identifier = dsg_response.db_instances[0].db_instance_identifier
-  end
-  # Uses the SDK API to really talk to AWS
-  class Backend
-    class AwsClientApi < AwsBackendBase
-      BackendFactory.set_default_backend(self)
-      self.aws_client_class = Aws::RDS::Client
-      def describe_db_instances(query)
-        aws_service_client.describe_db_instances(query)
-      end
-    end
-  end
-end

data/lib/resources/aws/aws_route_table.rb DELETED Viewed

@@ -1,67 +0,0 @@
-require "resource_support/aws/aws_singular_resource_mixin"
-require "resource_support/aws/aws_backend_base"
-require "aws-sdk-ec2"
-class AwsRouteTable < Inspec.resource(1)
-  name "aws_route_table"
-  desc "Verifies settings for an AWS Route Table"
-  example <<~EXAMPLE
-    describe aws_route_table do
-      its('route_table_id') { should cmp 'rtb-05462d2278326a79c' }
-    end
-  EXAMPLE
-  supports platform: "aws"
-  include AwsSingularResourceMixin
-  def to_s
-    "Route Table #{@route_table_id}"
-  end
-  attr_reader :route_table_id, :vpc_id
-  private
-  def validate_params(raw_params)
-    validated_params = check_resource_param_names(
-      raw_params: raw_params,
-      allowed_params: [:route_table_id],
-      allowed_scalar_name: :route_table_id,
-      allowed_scalar_type: String
-    )
-    if validated_params.key?(:route_table_id) &&
-        validated_params[:route_table_id] !~ /^rtb\-([0-9a-f]{17})|(^rtb\-[0-9a-f]{8})$/
-      raise ArgumentError,
-            "aws_route_table Route Table ID must be in the" \
-            ' format "rtb-" followed by 8 or 17 hexadecimal characters.'
-    end
-    validated_params
-  end
-  def fetch_from_api
-    backend = BackendFactory.create(inspec_runner)
-    if @route_table_id.nil?
-      args = nil
-    else
-      args = { filters: [{ name: "route-table-id", values: [@route_table_id] }] }
-    end
-    resp = backend.describe_route_tables(args)
-    routetable = resp.to_h[:route_tables]
-    @exists = !routetable.empty?
-  end
-  class Backend
-    class AwsClientApi < AwsBackendBase
-      BackendFactory.set_default_backend(self)
-      self.aws_client_class = Aws::EC2::Client
-      def describe_route_tables(query)
-        aws_service_client.describe_route_tables(query)
-      end
-    end
-  end
-end

data/lib/resources/aws/aws_route_tables.rb DELETED Viewed

@@ -1,64 +0,0 @@
-require "resource_support/aws/aws_plural_resource_mixin"
-require "resource_support/aws/aws_backend_base"
-require "aws-sdk-ec2"
-class AwsRouteTables < Inspec.resource(1)
-  name "aws_route_tables"
-  desc "Verifies settings for AWS Route Tables in bulk"
-  example <<~EXAMPLE
-    describe aws_route_tables do
-      it { should exist }
-    end
-  EXAMPLE
-  supports platform: "aws"
-  include AwsPluralResourceMixin
-  # Underlying FilterTable implementation.
-  filter = FilterTable.create
-  filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
-  filter.register_column(:vpc_ids, field: :vpc_id)
-    .register_column(:route_table_ids, field: :route_table_id)
-  filter.install_filter_methods_on_resource(self, :routes_data)
-  def routes_data
-    @table
-  end
-  def to_s
-    "Route Tables"
-  end
-  private
-  def validate_params(raw_criteria)
-    unless raw_criteria.is_a? Hash
-      raise "Unrecognized criteria for fetching Route Tables. " \
-            "Use 'criteria: value' format."
-    end
-    # No criteria yet
-    unless raw_criteria.empty?
-      raise ArgumentError, "aws_route_tables does not currently accept resource parameters."
-    end
-    raw_criteria
-  end
-  def fetch_from_api
-    backend = BackendFactory.create(inspec_runner)
-    catch_aws_errors do
-      @table = backend.describe_route_tables({}).to_h[:route_tables]
-    end
-  end
-  class Backend
-    class AwsClientApi < AwsBackendBase
-      BackendFactory.set_default_backend self
-      self.aws_client_class = Aws::EC2::Client
-      def describe_route_tables(query = {})
-        aws_service_client.describe_route_tables(query)
-      end
-    end
-  end
-end

data/lib/resources/aws/aws_s3_bucket.rb DELETED Viewed

@@ -1,141 +0,0 @@
-require "resource_support/aws/aws_singular_resource_mixin"
-require "resource_support/aws/aws_backend_base"
-require "aws-sdk-s3"
-class AwsS3Bucket < Inspec.resource(1)
-  name "aws_s3_bucket"
-  desc "Verifies settings for a s3 bucket"
-  example <<~EXAMPLE
-    describe aws_s3_bucket(bucket_name: 'test_bucket') do
-      it { should exist }
-    end
-  EXAMPLE
-  supports platform: "aws"
-  include AwsSingularResourceMixin
-  attr_reader :bucket_name, :has_default_encryption_enabled, :has_access_logging_enabled, :region
-  def to_s
-    "S3 Bucket #{@bucket_name}"
-  end
-  def bucket_acl
-    catch_aws_errors do
-      @bucket_acl ||= BackendFactory.create(inspec_runner).get_bucket_acl(bucket: bucket_name).grants
-    end
-  end
-  def bucket_policy
-    @bucket_policy ||= fetch_bucket_policy
-  end
-  # RSpec will alias this to be_public
-  def public?
-    # first line just for formatting
-    false || \
-      bucket_acl.any? { |g| g.grantee.type == "Group" && g.grantee.uri =~ /AllUsers/ } || \
-      bucket_acl.any? { |g| g.grantee.type == "Group" && g.grantee.uri =~ /AuthenticatedUsers/ } || \
-      bucket_policy.any? { |s| s.effect == "Allow" && s.principal == "*" }
-  end
-  def has_default_encryption_enabled?
-    return false unless @exists
-    @has_default_encryption_enabled ||= fetch_bucket_encryption_configuration
-  end
-  def has_access_logging_enabled?
-    return false unless @exists
-    catch_aws_errors do
-      @has_access_logging_enabled ||= !BackendFactory.create(inspec_runner).get_bucket_logging(bucket: bucket_name).logging_enabled.nil?
-    end
-  end
-  private
-  def validate_params(raw_params)
-    validated_params = check_resource_param_names(
-      raw_params: raw_params,
-      allowed_params: [:bucket_name],
-      allowed_scalar_name: :bucket_name,
-      allowed_scalar_type: String
-    )
-    if validated_params.empty? || !validated_params.key?(:bucket_name)
-      raise ArgumentError, "You must provide a bucket_name to aws_s3_bucket."
-    end
-    validated_params
-  end
-  def fetch_from_api
-    backend = BackendFactory.create(inspec_runner)
-    # Since there is no basic "get_bucket" API call, use the
-    # region fetch as the existence check.
-    begin
-      @region = backend.get_bucket_location(bucket: bucket_name).location_constraint
-    rescue Aws::S3::Errors::NoSuchBucket
-      @exists = false
-      return
-    end
-    @exists = true
-  end
-  def fetch_bucket_policy
-    backend = BackendFactory.create(inspec_runner)
-    catch_aws_errors do
-      # AWS SDK returns a StringIO, we have to read()
-      raw_policy = backend.get_bucket_policy(bucket: bucket_name).policy
-      return JSON.parse(raw_policy.read)["Statement"].map do |statement|
-        lowercase_hash = {}
-        statement.each_key { |k| lowercase_hash[k.downcase] = statement[k] }
-        @bucket_policy = OpenStruct.new(lowercase_hash)
-      end
-    rescue Aws::S3::Errors::NoSuchBucketPolicy
-      @bucket_policy = []
-    end
-  end
-  def fetch_bucket_encryption_configuration
-    @has_default_encryption_enabled ||= catch_aws_errors do
-      !BackendFactory.create(inspec_runner)
-        .get_bucket_encryption(bucket: bucket_name)
-        .server_side_encryption_configuration
-        .nil?
-    rescue Aws::S3::Errors::ServerSideEncryptionConfigurationNotFoundError
-      false
-    end
-  end
-  # Uses the SDK API to really talk to AWS
-  class Backend
-    class AwsClientApi < AwsBackendBase
-      BackendFactory.set_default_backend(self)
-      self.aws_client_class = Aws::S3::Client
-      def get_bucket_acl(query)
-        aws_service_client.get_bucket_acl(query)
-      end
-      def get_bucket_location(query)
-        aws_service_client.get_bucket_location(query)
-      end
-      def get_bucket_policy(query)
-        aws_service_client.get_bucket_policy(query)
-      end
-      def get_bucket_logging(query)
-        aws_service_client.get_bucket_logging(query)
-      end
-      def get_bucket_encryption(query)
-        aws_service_client.get_bucket_encryption(query)
-      end
-    end
-  end
-end