inspec 2.1.68 → 2.1.72
- checksums.yaml +4 -4
- data/CHANGELOG.md +22 -8
- data/docs/resources/aws_ec2_instances.md.erb +79 -0
- data/lib/inspec/reporters/json.rb +1 -0
- data/lib/inspec/version.rb +1 -1
- data/lib/resource_support/aws.rb +1 -0
- data/lib/resources/aws/aws_ec2_instances.rb +64 -0
- metadata +4 -2
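--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 534b2e87a2c65b5c196e7af32599623cd4033a4d
+data.tar.gz: 7f2a83fe85d5bf848f1d7747eecd65257ce3502e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9359c6eb7b7fd9920d25307d99d237d93e8fb3f47c66e16e86c858b1522edfba0a0e2787e9038a7eee2fbbd04a2514cac91b4486d5d3ab292f5e8b6636aba734
+data.tar.gz: 87d990b0be675e94be9c9a327e379ab77c382fd55e82ef8cfe1eadb7f572eab309e2e4dbebb53c4c58fe53ef73918ce7dfb51d264121fcc1f8a5f456855d2f76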
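--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,20 +1,35 @@
 # Change Log
 <!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
-<!-- latest_release 2.1.
-## [v2.1.
+<!-- latest_release 2.1.72 -->
+## [v2.1.72](https://github.com/chef/inspec/tree/v2.1.72) (2018-05-10)
 
-####
--
+#### New Resources
+- Skeletal aws_ec2_instances resource [#3023](https://github.com/chef/inspec/pull/3023) ([clintoncwolfe](https://github.com/clintoncwolfe))
 <!-- latest_release -->
 
-<!-- release_rollup since=2.1.
-### Changes since 2.1.
+<!-- release_rollup since=2.1.68 -->
+### Changes since 2.1.68 release
+
+#### New Resources
+- Skeletal aws_ec2_instances resource [#3023](https://github.com/chef/inspec/pull/3023) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 2.1.72 -->
+
+#### Enhancements
+- Add git dependency to habitat plan. [#3037](https://github.com/chef/inspec/pull/3037) ([phiggins](https://github.com/phiggins)) <!-- 2.1.71 -->
+
+#### Bug Fixes
+- Allow the depends key to be exposed in json profiles report [#3033](https://github.com/chef/inspec/pull/3033) ([jquick](https://github.com/jquick)) <!-- 2.1.70 -->
 
 #### Merged Pull Requests
-- Fix
+- Fix typo in os_env_spec [#3028](https://github.com/chef/inspec/pull/3028) ([Happycoil](https://github.com/Happycoil)) <!-- 2.1.69 -->
 <!-- release_rollup -->
 
 <!-- latest_stable_release -->
+## [v2.1.68](https://github.com/chef/inspec/tree/v2.1.68) (2018-05-04)
+
+#### Merged Pull Requests
+- Fix the A2 vendoring with depends on the A2 server [#3022](https://github.com/chef/inspec/pull/3022) ([jquick](https://github.com/jquick))
+<!-- latest_stable_release -->
+
 ## [v2.1.67](https://github.com/chef/inspec/tree/v2.1.67) (2018-05-03)
 
 #### New Features
@@ -32,7 +47,6 @@
 - Update Habitat plan [#3000](https://github.com/chef/inspec/pull/3000) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
 - cmp should recognise a string being a negative int [#3007](https://github.com/chef/inspec/pull/3007) ([james-stocks](https://github.com/james-stocks))
 - Add inspec-core gem to expeditor release [#3018](https://github.com/chef/inspec/pull/3018) ([jquick](https://github.com/jquick))
-<!-- latest_stable_release -->
 
 ## [v2.1.59](https://github.com/chef/inspec/tree/v2.1.59) (2018-04-26)
 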
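--- a/data/docs/resources/aws_ec2_instances.md.erb
+++ b/data/docs/resources/aws_ec2_instances.md.erb
@@ -0,0 +1,79 @@
+---
+title: About the aws_ec2_instances Resource
+platform: aws
+---
+
+# aws\_ec2\_instances
+
+Use the `aws_ec2_instances` InSpec audit resource to test properties of some or all AWS EC2 instances. To audit a single EC2 instance, use `aws_ec2_instance` (singular).
+
+EC2 instances are the basic unit of computing within AWS. An instance is a virtual machine that contains a running OS, and may be created or destroyed by code.
+
+Each EC2 instance is uniquely identified by its ID.
+
+<br>
+
+## Syntax
+
+An `aws_ec2_instances` resource block collects a group of EC2 Instances and then tests that group.
+
+# Ensure you have exactly 3 instances
+describe aws_ec2_instances do
+its('instance_ids.count') { should cmp 3 }
+end
+
+# Use the InSpec resource to enumerate IDs, then test in-depth using `aws_ec2_instance`.
+aws_ec2_instances.instance_ids.each do |instance_id|
+describe aws_ec2_instance(instance_id) do
+its('key_name') { should cmp 'admin-ssh-key' }
+end
+end
+
+<br>
+
+## Examples
+
+As this is the initial release of `aws_ec2_instances`, its limited functionality precludes examples.
+
+<br>
+
+## Filter Criteria
+
+This resource currently does not support any filter criteria; it will always fetch all instances in the region.
+
+## Properties
+
+### entries
+
+Provides access to the raw results of the query, which can be treated as an array of hashes. This can be useful for checking counts and other advanced operations.
+
+# Allow at most 100 EC2 Instances on the account
+describe aws_ec2_instances do
+its('entries.count') { should be <= 100}
+end
+
+
+### instance_ids
+
+Provides a list of the instance ids that were found in the query.
+
+describe aws_ec2_instances do
+its('instance_ids') { should include('i-12345678') }
+its('instance_ids.count') { should cmp 3) }
+end
+
+<br>
+
+## Matchers
+
+For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+### exist
+
+The control will pass if the filter returns at least one result. Use `should_not` if you expect zero matches.
+
+# Verify that at least one EC2 Instance exists.
+describe aws_ec2_instances
+it { should exist }
+end
+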
data/lib/inspec/version.rb
CHANGED
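--- a/data/lib/resource_support/aws.rb
+++ b/data/lib/resource_support/aws.rb
@@ -19,6 +19,7 @@ require 'resources/aws/aws_cloudwatch_log_metric_filter'
 require 'resources/aws/aws_config_delivery_channel'
 require 'resources/aws/aws_config_recorder'
 require 'resources/aws/aws_ec2_instance'
+require 'resources/aws/aws_ec2_instances'
 require 'resources/aws/aws_iam_access_key'
 require 'resources/aws/aws_iam_access_keys'
 require 'resources/aws/aws_iam_group'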
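--- a/data/lib/resources/aws/aws_ec2_instances.rb
+++ b/data/lib/resources/aws/aws_ec2_instances.rb
@@ -0,0 +1,64 @@
+class AwsEc2Instances < Inspec.resource(1)
+name 'aws_ec2_instances'
+desc 'Verifies settings for AWS EC2 Instances in bulk'
+example '
+describe aws_ec2_instances do
+it { should exist }
+end
+'
+supports platform: 'aws'
+
+include AwsPluralResourceMixin
+def validate_params(resource_params)
+unless resource_params.empty?
+raise ArgumentError, 'aws_ec2_instances does not accept resource parameters.'
+end
+resource_params
+end
+
+# Underlying FilterTable implementation.
+filter = FilterTable.create
+filter.add_accessor(:entries)
+.add(:exists?) { |x| !x.entries.empty? }
+.add(:instance_ids, field: :instance_id)
+filter.connect(self, :table)
+
+def to_s
+'EC2 Instances'
+end
+
+def fetch_from_api
+backend = BackendFactory.create(inspec_runner)
+@table = []
+pagination_opts = {}
+loop do
+api_result = backend.describe_instances(pagination_opts)
+@table += unpack_describe_instances_response(api_result.reservations)
+break unless api_result.next_token
+pagination_opts = { next_token: api_result.next_token }
+end
+end
+
+def unpack_describe_instances_response(reservations)
+instance_rows = []
+reservations.each do |res|
+instance_rows += res.instances.map do |instance_struct|
+{
+instance_id: instance_struct.instance_id,
+}
+end
+end
+instance_rows
+end
+
+class Backend
+class AwsClientApi < AwsBackendBase
+BackendFactory.set_default_backend(self)
+self.aws_client_class = Aws::EC2::Client
+
+def describe_instances(query)
+aws_service_client.describe_instances(query)
+end
+end
+end
+end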
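Review bot: Each row built in `unpack_describe_instances_response` carries only `instance_id`, so `entries.count` and `instance_ids.count` cover instances in every state the API returns; as far as I know DescribeInstances can keep listing recently terminated instances for a while, which would skew a count-based control such as the `should cmp 3` example in the docs. Carrying the state in the row, e.g. `state: instance_struct.state.name,`, would let profile authors exclude them. `fetch_from_api` also has no comment saying that it pages through a single region with no filter, and a short note above it such as `# Fetches every instance in the current region, all states, following next_token` would make that limit visible to auditors. Both helpers are public methods of the resource; whether they can go under `private` depends on AwsPluralResourceMixin, which is not visible here.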
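--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec
 version: !ruby/object:Gem::Version
-version: 2.1.
+version: 2.1.72
 platform: ruby
 authors:
 - Dominik Richter
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-05-
+date: 2018-05-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: train
@@ -316,6 +316,7 @@ files:
 - docs/resources/aws_config_delivery_channel.md.erb
 - docs/resources/aws_config_recorder.md.erb
 - docs/resources/aws_ec2_instance.md.erb
+- docs/resources/aws_ec2_instances.md.erb
 - docs/resources/aws_iam_access_key.md.erb
 - docs/resources/aws_iam_access_keys.md.erb
 - docs/resources/aws_iam_group.md.erb
@@ -638,6 +639,7 @@ files:
 - lib/resources/aws/aws_config_delivery_channel.rb
 - lib/resources/aws/aws_config_recorder.rb
 - lib/resources/aws/aws_ec2_instance.rb
+- lib/resources/aws/aws_ec2_instances.rb
 - lib/resources/aws/aws_iam_access_key.rb
 - lib/resources/aws/aws_iam_access_keys.rb
 - lib/resources/aws/aws_iam_group.rb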