inspec 4.7.3 → 4.7.18

data/lib/resources/aws/aws_cloudwatch_alarm.rb

@@ -23,12 +23,13 @@ class AwsCloudwatchAlarm < Inspec.resource(1)
   def validate_params(raw_params)
     recognized_params = check_resource_param_names(
       raw_params: raw_params,
-      allowed_params: [:metric_name, :metric_namespace]
+      allowed_params: %i{metric_name metric_namespace}
     )
     validated_params = {}
     # Currently you must specify exactly metric_name and metric_namespace
-    [:metric_name, :metric_namespace].each do |param|
+    %i{metric_name metric_namespace}.each do |param|
       raise ArgumentError, "Missing resource param #{param}" unless recognized_params.key?(param)
+
       validated_params[param] = recognized_params.delete(param)
     end
 
@@ -45,7 +46,7 @@ class AwsCloudwatchAlarm < Inspec.resource(1)
     elsif aws_alarms.metric_alarms.count > 1
       alarms = aws_alarms.metric_alarms.map(&:alarm_name)
       raise "More than one Cloudwatch Alarm was matched. Try using " \
-        "more specific resource parameters. Alarms matched: #{alarms.join(', ')}"
+        "more specific resource parameters. Alarms matched: #{alarms.join(", ")}"
     else
       @alarm_actions = aws_alarms.metric_alarms.first.alarm_actions
       @alarm_name = aws_alarms.metric_alarms.first.alarm_name

data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb

@@ -33,11 +33,12 @@ class AwsCloudwatchLogMetricFilter < Inspec.resource(1)
   def validate_params(raw_params)
     validated_params = check_resource_param_names(
       raw_params: raw_params,
-      allowed_params: [:filter_name, :log_group_name, :pattern]
+      allowed_params: %i{filter_name log_group_name pattern}
     )
     if validated_params.empty?
       raise ArgumentError, "You must provide either filter_name, log_group, or pattern to aws_cloudwatch_log_metric_filter."
     end
+
     validated_params
   end
 

data/lib/resources/aws/aws_config_delivery_channel.rb

@@ -16,7 +16,7 @@ class AwsConfigDeliveryChannel < Inspec.resource(1)
 
   include AwsSingularResourceMixin
   attr_reader :channel_name, :s3_bucket_name, :s3_key_prefix, :sns_topic_arn,
-              :delivery_frequency_in_hours
+    :delivery_frequency_in_hours
 
   def to_s
     "Config_Delivery_Channel: #{@channel_name}"

data/lib/resources/aws/aws_config_recorder.rb

@@ -32,6 +32,7 @@ class AwsConfigurationRecorder < Inspec.resource(1)
 
   def status
     return {} unless @exists
+
     backend = BackendFactory.create(inspec_runner)
     catch_aws_errors do
       response = backend.describe_configuration_recorder_status(configuration_recorder_names: [@recorder_name])
@@ -41,6 +42,7 @@ class AwsConfigurationRecorder < Inspec.resource(1)
 
   def recording?
     return unless @exists
+
     status[:recording]
   end
 

data/lib/resources/aws/aws_ebs_volume.rb

@@ -54,6 +54,7 @@ class AwsEbsVolume < Inspec.resource(1)
 
   def id
     return @volume_id if defined?(@volume_id)
+
     catch_aws_errors do
       if @opts.is_a?(Hash)
         first = @ec2_resource.volumes(

data/lib/resources/aws/aws_ebs_volumes.rb

@@ -17,6 +17,7 @@ class AwsEbsVolumes < Inspec.resource(1)
     unless resource_params.empty?
       raise ArgumentError, "aws_ebs_volumes does not accept resource parameters."
     end
+
     resource_params
   end
 
@@ -38,6 +39,7 @@ class AwsEbsVolumes < Inspec.resource(1)
       api_result = backend.describe_volumes(pagination_opts)
       @table += unpack_describe_volumes_response(api_result.volumes)
       break unless api_result.next_token
+
       pagination_opts = { next_token: api_result.next_token }
     end
   end

data/lib/resources/aws/aws_ec2_instance.rb

@@ -55,6 +55,7 @@ class AwsEc2Instance < Inspec.resource(1)
 
   def id
     return @instance_id if defined?(@instance_id)
+
     catch_aws_errors do
       if @opts.is_a?(Hash)
         first = @ec2_resource.instances(
@@ -76,6 +77,7 @@ class AwsEc2Instance < Inspec.resource(1)
 
   def exists?
     return false if instance.nil?
+
     instance.exists?
   end
 

data/lib/resources/aws/aws_ec2_instances.rb

@@ -17,6 +17,7 @@ class AwsEc2Instances < Inspec.resource(1)
     unless resource_params.empty?
       raise ArgumentError, "aws_ec2_instances does not accept resource parameters."
     end
+
     resource_params
   end
 
@@ -38,6 +39,7 @@ class AwsEc2Instances < Inspec.resource(1)
       api_result = backend.describe_instances(pagination_opts)
       @table += unpack_describe_instances_response(api_result.reservations)
       break unless api_result.next_token
+
       pagination_opts = { next_token: api_result.next_token }
     end
   end

data/lib/resources/aws/aws_ecs_cluster.rb

@@ -15,8 +15,8 @@ class AwsEcsCluster < Inspec.resource(1)
 
   include AwsSingularResourceMixin
   attr_reader :cluster_arn, :cluster_name, :status,
-              :registered_container_instances_count, :running_tasks_count,
-              :pending_tasks_count, :active_services_count, :statistics
+    :registered_container_instances_count, :running_tasks_count,
+    :pending_tasks_count, :active_services_count, :statistics
 
   def to_s
     "AWS ECS cluster #{cluster_name}"

data/lib/resources/aws/aws_eks_cluster.rb

@@ -15,9 +15,9 @@ class AwsEksCluster < Inspec.resource(1)
 
   include AwsSingularResourceMixin
   attr_reader :version, :arn, :cluster_name, :certificate_authority, :name,
-              :status, :endpoint, :subnets_count, :subnet_ids, :security_group_ids,
-              :created_at, :role_arn, :vpc_id, :security_groups_count, :creating,
-              :active, :failed, :deleting
+    :status, :endpoint, :subnets_count, :subnet_ids, :security_group_ids,
+    :created_at, :role_arn, :vpc_id, :security_groups_count, :creating,
+    :active, :failed, :deleting
   # Use aliases for matchers
   alias active? active
   alias failed? failed

data/lib/resources/aws/aws_elb.rb

@@ -14,8 +14,8 @@ class AwsElb < Inspec.resource(1)
 
   include AwsSingularResourceMixin
   attr_reader :availability_zones, :dns_name, :elb_name, :external_ports,
-              :instance_ids, :internal_ports, :security_group_ids,
-              :subnet_ids, :vpc_id
+    :instance_ids, :internal_ports, :security_group_ids,
+    :subnet_ids, :vpc_id
 
   def to_s
     "AWS ELB #{elb_name}"

data/lib/resources/aws/aws_elbs.rb

@@ -17,24 +17,25 @@ class AwsElbs < Inspec.resource(1)
     unless resource_params.empty?
       raise ArgumentError, "aws_elbs does not accept resource parameters."
     end
+
     resource_params
   end
 
   # Underlying FilterTable implementation.
   filter = FilterTable.create
   filter.add_accessor(:entries)
-        .add_accessor(:where)
-        .add(:exists?) { |table| !table.params.empty? }
-        .add(:count) { |table| table.params.count }
-        .add(:availability_zones, field: :availability_zones, style: :simple)
-        .add(:dns_names, field: :dns_name)
-        .add(:external_ports, field: :external_ports, style: :simple)
-        .add(:instance_ids, field: :instance_ids, style: :simple)
-        .add(:internal_ports, field: :internal_ports, style: :simple)
-        .add(:elb_names, field: :elb_name)
-        .add(:security_group_ids, field: :security_group_ids, style: :simple)
-        .add(:subnet_ids, field: :subnet_ids, style: :simple)
-        .add(:vpc_ids, field: :vpc_id, style: :simple)
+    .add_accessor(:where)
+    .add(:exists?) { |table| !table.params.empty? }
+    .add(:count) { |table| table.params.count }
+    .add(:availability_zones, field: :availability_zones, style: :simple)
+    .add(:dns_names, field: :dns_name)
+    .add(:external_ports, field: :external_ports, style: :simple)
+    .add(:instance_ids, field: :instance_ids, style: :simple)
+    .add(:internal_ports, field: :internal_ports, style: :simple)
+    .add(:elb_names, field: :elb_name)
+    .add(:security_group_ids, field: :security_group_ids, style: :simple)
+    .add(:subnet_ids, field: :subnet_ids, style: :simple)
+    .add(:vpc_ids, field: :vpc_id, style: :simple)
   filter.connect(self, :table)
 
   def to_s
@@ -49,6 +50,7 @@ class AwsElbs < Inspec.resource(1)
       api_result = backend.describe_load_balancers(pagination_opts)
       @table += unpack_describe_elbs_response(api_result.load_balancer_descriptions)
       break unless api_result.next_marker
+
       pagination_opts = { marker: api_result.next_marker }
     end
   end

data/lib/resources/aws/aws_flow_log.rb

@@ -48,14 +48,14 @@ class AwsFlowLog < Inspec.resource(1)
   def validate_params(raw_params)
     validated_params = check_resource_param_names(
       raw_params: raw_params,
-      allowed_params: [:flow_log_id, :subnet_id, :vpc_id],
+      allowed_params: %i{flow_log_id subnet_id vpc_id},
       allowed_scalar_name: :flow_log_id,
       allowed_scalar_type: String
     )
 
     if validated_params.empty?
       raise ArgumentError,
-            "aws_flow_log requires a parameter: flow_log_id, subnet_id, or vpc_id"
+        "aws_flow_log requires a parameter: flow_log_id, subnet_id, or vpc_id"
     end
 
     validated_params

data/lib/resources/aws/aws_iam_access_key.rb

@@ -22,7 +22,7 @@ class AwsIamAccessKey < Inspec.resource(1)
   def validate_params(raw_params)
     recognized_params = check_resource_param_names(
       raw_params: raw_params,
-      allowed_params: [:username, :id, :access_key_id],
+      allowed_params: %i{username id access_key_id},
       allowed_scalar_name: :access_key_id,
       allowed_scalar_type: String
     )
@@ -47,6 +47,7 @@ class AwsIamAccessKey < Inspec.resource(1)
 
   def active?
     return nil unless exists?
+
     status == "Active"
   end
 
@@ -57,6 +58,7 @@ class AwsIamAccessKey < Inspec.resource(1)
   def last_used_date
     return nil unless exists?
     return @last_used_date if defined? @last_used_date
+
     backend = BackendFactory.create(inspec_runner)
     catch_aws_errors do
       @last_used_date = backend.get_access_key_last_used({ access_key_id: access_key_id }).access_key_last_used.last_used_date

data/lib/resources/aws/aws_iam_access_keys.rb

@@ -17,7 +17,7 @@ class AwsIamAccessKeys < Inspec.resource(1)
   def validate_params(raw_params)
     recognized_params = check_resource_param_names(
       raw_params: raw_params,
-      allowed_params: [:username, :id, :access_key_id, :created_date],
+      allowed_params: %i{username id access_key_id created_date},
       allowed_scalar_name: :access_key_id,
       allowed_scalar_type: String
     )
@@ -44,19 +44,19 @@ class AwsIamAccessKeys < Inspec.resource(1)
   filter = FilterTable.create
   filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
   filter.register_column(:access_key_ids, field: :access_key_id)
-        .register_column(:created_date, field: :create_date)
-        .register_column(:created_days_ago, field: :created_days_ago)
-        .register_column(:created_with_user, field: :created_with_user)
-        .register_column(:created_hours_ago, field: :created_hours_ago)
-        .register_column(:usernames, field: :username)
-        .register_column(:active, field: :active)
-        .register_column(:inactive, field: :inactive)
-        .register_column(:last_used_date, field: :last_used_date)
-        .register_column(:last_used_hours_ago, field: :last_used_hours_ago)
-        .register_column(:last_used_days_ago,  field: :last_used_days_ago)
-        .register_column(:ever_used,           field: :ever_used)
-        .register_column(:never_used,          field: :never_used)
-        .register_column(:user_created_date,   field: :user_created_date)
+    .register_column(:created_date, field: :create_date)
+    .register_column(:created_days_ago, field: :created_days_ago)
+    .register_column(:created_with_user, field: :created_with_user)
+    .register_column(:created_hours_ago, field: :created_hours_ago)
+    .register_column(:usernames, field: :username)
+    .register_column(:active, field: :active)
+    .register_column(:inactive, field: :inactive)
+    .register_column(:last_used_date, field: :last_used_date)
+    .register_column(:last_used_hours_ago, field: :last_used_hours_ago)
+    .register_column(:last_used_days_ago,  field: :last_used_days_ago)
+    .register_column(:ever_used,           field: :ever_used)
+    .register_column(:never_used,          field: :never_used)
+    .register_column(:user_created_date,   field: :user_created_date)
   filter.install_filter_methods_on_resource(self, :table)
 
   def to_s
@@ -94,6 +94,7 @@ class AwsIamAccessKeys < Inspec.resource(1)
               user_details[info.user_name] = info
             end
             break unless api_result.is_truncated
+
             pagination_opts[:marker] = api_result.marker
           end
         end
@@ -102,7 +103,7 @@ class AwsIamAccessKeys < Inspec.resource(1)
         user_details.each_key do |username|
           begin
             user_keys = iam_client.list_access_keys(user_name: username)
-                                  .access_key_metadata
+              .access_key_metadata
             user_keys = user_keys.map do |metadata|
               {
                 access_key_id: metadata.access_key_id,
@@ -138,11 +139,12 @@ class AwsIamAccessKeys < Inspec.resource(1)
         iam_client = aws_service_client
         last_used =
           iam_client.get_access_key_last_used(access_key_id: key_info[:access_key_id])
-                    .access_key_last_used.last_used_date
+            .access_key_last_used.last_used_date
         key_info[:ever_used] = !last_used.nil?
         key_info[:never_used] = last_used.nil?
         key_info[:last_used_time] = last_used
         return unless last_used
+
         key_info[:last_used_hours_ago] = ((Time.now - last_used) / (60 * 60)).to_i
         key_info[:last_used_days_ago] = (key_info[:last_used_hours_ago] / 24).to_i
       end

data/lib/resources/aws/aws_iam_groups.rb

@@ -18,6 +18,7 @@ class AwsIamGroups < Inspec.resource(1)
     unless resource_params.empty?
       raise ArgumentError, "aws_iam_groups does not accept resource parameters."
     end
+
     resource_params
   end
 

data/lib/resources/aws/aws_iam_password_policy.rb

@@ -77,23 +77,25 @@ class AwsIamPasswordPolicy < Inspec.resource(1)
 
   def max_password_age_in_days
     raise "this policy does not expire passwords" unless expire_passwords?
+
     @policy.max_password_age
   end
 
   def number_of_passwords_to_remember
     raise "this policy does not prevent password reuse" \
       unless prevent_password_reuse?
+
     @policy.password_reuse_prevention
   end
 
   #-------------------------- Matchers ----------------------------#
-  [
-    :require_lowercase_characters,
-    :require_uppercase_characters,
-    :require_symbols,
-    :require_numbers,
-    :expire_passwords,
-  ].each do |matcher_stem|
+  %i{
+    require_lowercase_characters
+    require_uppercase_characters
+    require_symbols
+    require_numbers
+    expire_passwords
+  }.each do |matcher_stem|
     # Create our predicates (for example, 'require_symbols?')
     stem_with_question_mark = (matcher_stem.to_s + "?").to_sym
     define_method stem_with_question_mark do

data/lib/resources/aws/aws_iam_policies.rb

@@ -17,6 +17,7 @@ class AwsIamPolicies < Inspec.resource(1)
     unless resource_params.empty?
       raise ArgumentError, "aws_iam_policies does not accept resource parameters."
     end
+
     resource_params
   end
 
@@ -24,7 +25,7 @@ class AwsIamPolicies < Inspec.resource(1)
   filter = FilterTable.create
   filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
   filter.register_column(:policy_names, field: :policy_name)
-        .register_column(:arns, field: :arn)
+    .register_column(:arns, field: :arn)
   filter.install_filter_methods_on_resource(self, :table)
 
   def to_s

data/lib/resources/aws/aws_iam_policy.rb

@@ -46,18 +46,21 @@ class AwsIamPolicy < Inspec.resource(1)
 
   def attached_users
     return @attached_users if defined? @attached_users
+
     fetch_attached_entities
     @attached_users
   end
 
   def attached_groups
     return @attached_groups if defined? @attached_groups
+
     fetch_attached_entities
     @attached_groups
   end
 
   def attached_roles
     return @attached_roles if defined? @attached_roles
+
     fetch_attached_entities
     @attached_roles
   end
@@ -88,6 +91,7 @@ class AwsIamPolicy < Inspec.resource(1)
 
   def statement_count
     return nil unless exists?
+
     # Typically it is an array of statements
     if policy["Statement"].is_a? Array
       policy["Statement"].count
@@ -100,6 +104,7 @@ class AwsIamPolicy < Inspec.resource(1)
 
   def has_statement?(provided_criteria = {})
     return nil unless exists?
+
     raw_criteria = provided_criteria.dup # provided_criteria is used for output formatting - can't delete from it.
     criteria = has_statement__validate_criteria(raw_criteria)
     @normalized_statements ||= has_statement__normalize_statements
@@ -146,7 +151,7 @@ class AwsIamPolicy < Inspec.resource(1)
 
     # If anything is left, it's spurious
     unless raw_criteria.empty?
-      raise ArgumentError, "Unrecognized criteria #{raw_criteria.keys.join(', ')} to have_statement.  Recognized criteria: #{EXPECTED_CRITERIA.join(', ')}"
+      raise ArgumentError, "Unrecognized criteria #{raw_criteria.keys.join(", ")} to have_statement.  Recognized criteria: #{EXPECTED_CRITERIA.join(", ")}"
     end
 
     # Effect has only 2 permitted values
@@ -184,6 +189,7 @@ class AwsIamPolicy < Inspec.resource(1)
 
   def has_statement__focus_on_sid(statements, criteria)
     return statements unless criteria.key?(:sid)
+
     sid_seek = criteria[:sid]
     statements.select do |statement|
       if sid_seek.is_a? Regexp
@@ -200,6 +206,7 @@ class AwsIamPolicy < Inspec.resource(1)
 
   def has_statement__array_criterion(crit_name, statement, criteria)
     return true unless criteria.key?(crit_name)
+
     check = criteria[crit_name]
     # This is an array due to normalize_statements
     # If it is nil, the statement does not have an entry for that dimension;
@@ -252,12 +259,14 @@ class AwsIamPolicy < Inspec.resource(1)
       end
       break if policy # Found it!
       break unless api_result.is_truncated # Not found and no more results
+
       pagination_opts[:marker] = api_result.marker
     end
 
     @exists = !policy.nil?
 
     return unless @exists
+
     @arn = policy[:arn]
     @default_version_id = policy[:default_version_id]
     @attachment_count = policy[:attachment_count]