inspec 3.9.3 → 4.1.4.preview

Files changed (39) hide show
  1. checksums.yaml +5 -5
  2. data/Gemfile +2 -7
  3. data/README.md +1 -2
  4. data/etc/deprecations.json +88 -6
  5. data/inspec.gemspec +4 -2
  6. data/lib/inspec/base_cli.rb +5 -5
  7. data/lib/inspec/cli.rb +39 -9
  8. data/lib/inspec/config.rb +2 -2
  9. data/lib/inspec/metadata.rb +3 -5
  10. data/lib/inspec/plugin/v1/plugin_types/resource.rb +4 -1
  11. data/lib/inspec/ui.rb +1 -0
  12. data/lib/inspec/version.rb +1 -6
  13. data/lib/matchers/matchers.rb +1 -0
  14. data/lib/plugins/inspec-init/templates/profiles/aws/README.md +164 -26
  15. data/lib/plugins/inspec-init/templates/profiles/aws/controls/example.rb +18 -4
  16. data/lib/plugins/inspec-init/templates/profiles/aws/inspec.yml +10 -4
  17. data/lib/resource_support/aws.rb +17 -1
  18. data/lib/resources/apache.rb +1 -1
  19. data/lib/resources/apt.rb +1 -3
  20. data/lib/resources/aws/aws_iam_user.rb +3 -3
  21. data/lib/resources/azure/azure_generic_resource.rb +1 -1
  22. data/lib/resources/file.rb +34 -1
  23. data/lib/resources/filesystem.rb +1 -1
  24. data/lib/resources/host.rb +2 -2
  25. data/lib/resources/iis_site.rb +1 -1
  26. data/lib/resources/interface.rb +75 -1
  27. data/lib/resources/kernel_parameter.rb +2 -7
  28. data/lib/resources/mssql_session.rb +1 -1
  29. data/lib/resources/oracledb_session.rb +1 -1
  30. data/lib/resources/powershell.rb +1 -5
  31. data/lib/resources/processes.rb +1 -1
  32. data/lib/resources/registry_key.rb +1 -7
  33. data/lib/resources/shadow.rb +5 -10
  34. data/lib/resources/users.rb +6 -10
  35. data/lib/resources/wmi.rb +1 -2
  36. data/lib/utils/deprecation/deprecator.rb +9 -8
  37. data/lib/utils/deprecation/global_method.rb +1 -1
  38. data/lib/utils/parser.rb +1 -1
  39. metadata +37 -14
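--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- SHA256:
- metadata.gz: 6acb1580248137e250e50e82452ca06ffbb270db5f166c206050ae8d2ce0f046
- data.tar.gz: e6c0db990f81559518f2f39b1d9a3bafb4455ff6fa25f478c94488d1c5e3b620
+ SHA1:
+ metadata.gz: 7dd53f745c6f68b24d0b987f09258c973a6d4579
+ data.tar.gz: f9b791e75517949b5007d0d6904c7d70752103b6
  SHA512:
- metadata.gz: d379f6e0f71d1c79ced4577c381d75e0e3005c52652dc59e68486ddc20dad952067d9960187088db6713e23e81d5c226b7b1da43ff81835f6d22f23925db42b2
- data.tar.gz: 0bdefe99c446850501e474c8391fe370266038440e866b3f6d96ddea41b8e07af9668b206452d019af678f0a7ef8e9aefe71f28536990d7755dba66b55c86709
+ metadata.gz: bcfdc38552520f03dcb738e3273d8cbee50ea35bb33d6f5f0e4bde0fae9b2b3b1dd36369b88a754fea078ddf23073400a81a914bb54468b0d573f5f471bec1e5
+ data.tar.gz: 1ee7fdfc45f33bcbf182da86da273e2634825da4b6a218750ddbf77dfc150eb5f70484df22e524dead114dc8d4656784e00f402cdb49ebb8b2ce0c646bea6d58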
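--- a/data/Gemfile
+++ b/data/Gemfile
@@ -4,12 +4,10 @@ source 'https://rubygems.org'
  gem 'inspec', path: '.'
 
  gem 'ffi', '>= 1.9.14'
- gem 'aws-sdk', '~> 2'
 
  group :omnibus do
  gem 'rb-readline'
  gem 'appbundler'
- gem 'unf_ext', git: 'https://github.com/chef/ruby-unf_ext.git', ref: '55d872fb15f3a26e4ee8f8dbe7ba859c80d40383'
  end
 
  group :test do
@@ -20,7 +18,7 @@ group :test do
  gem 'concurrent-ruby', '~> 1.0'
  gem 'mocha', '~> 1.1'
  gem 'ruby-progressbar', '~> 1.8'
- gem 'webmock', '~> 2.3.2'
+ gem 'webmock', '~> 3.0'
  gem 'jsonschema', '~> 2.0.2'
  gem 'passgen'
  gem 'm'
@@ -28,10 +26,7 @@ group :test do
  end
 
  group :integration do
- # this version check can be removed when inspec no longer support ruby 2.3
- if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('2.4')
- gem 'berkshelf', '~> 7'
- end
+ gem 'berkshelf', '~> 7'
  gem 'test-kitchen', '>= 1.24'
  gem 'kitchen-vagrant'
  # we need winrm v2 support >= 0.15.1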
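--- a/data/README.md
+++ b/data/README.md
@@ -46,7 +46,7 @@ inspec exec test.rb -t docker://container_id
 
  ## Installation
 
- InSpec requires Ruby ( >2.3 ).
+ InSpec requires Ruby ( >= 2.4 ).
 
  ### Install as package
 
@@ -454,4 +454,3 @@ distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-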
@@ -6,24 +6,106 @@
6
6
  "action": "ignore",
7
7
  "prefix": "The 'default' option for attributes is being replaced by 'value' - please use it instead."
8
8
  },
9
+ "aws_resources_in_resource_pack": {
10
+ "comment": "See #3822",
11
+ "action": "ignore",
12
+ "prefix": "AWS resources shipped with core InSpec are being to moved to a resource pack for faster iteration. Please update your profiles to depend on git@github.com:inspec/inspec-aws.git ."
13
+ },
9
14
  "cli_option_json_config": {
10
15
  "action": "ignore",
11
16
  "prefix": "The --json-config option is being replaced by the --config option.",
12
17
  "comment": "See #3661"
13
18
  },
14
- "filesystem_property_size": {
19
+ "file_resource_be_mounted_matchers": {
20
+ "action": "warn",
21
+ "suffix": "This will not be supported in InSpec 4.0."
22
+ },
23
+ "host_resource_proto_usage": {
24
+ "action": "warn",
25
+ "suffix": "This will not be supported in InSpec 4.0."
26
+ },
27
+ "inspec_ui_methods": {
28
+ "action": "ignore",
29
+ "suffix": "Please call `cli.ui` directly",
30
+ "comment": "See #3715"
31
+ },
32
+ "mssql_session_pass_option": {
33
+ "action": "warn",
34
+ "suffix": "This will not be supported in InSpec 4.0."
35
+ },
36
+ "oracledb_session_pass_option": {
37
+ "action": "warn",
38
+ "suffix": "This will not be supported in InSpec 4.0."
39
+ },
40
+ "property_filesystem_size": {
15
41
  "action": "ignore",
16
42
  "comment": "See #3778"
17
43
  },
44
+ "property_processes_list": {
45
+ "action": "warn",
46
+ "suffix": "This property will be removed in InSpec 4.0."
47
+ },
48
+ "properties_aws_iam_user": {
49
+ "action": "warn",
50
+ "suffix": "This property will be removed in InSpec 4.0."
51
+ },
52
+ "properties_shadow": {
53
+ "action": "warn",
54
+ "suffix": "This property will be removed in InSpec 4.0."
55
+ },
18
56
  "rename_attributes_to_inputs": {
19
57
  "action": "ignore",
20
58
  "prefix": "InSpec Attributes are being renamed to InSpec Inputs to avoid confusion with Chef Attributes.",
21
59
  "comment": "See #3802"
22
60
  },
23
- "aws_resources_in_resource_pack": {
24
- "comment": "See #3822",
25
- "action": "ignore",
26
- "prefix": "AWS resources shipped with core InSpec are being to moved to a resource pack for faster iteration. Please update your profiles to depend on git@github.com:inspec/inspec-aws.git ."
61
+ "resource_apache": {
62
+ "action": "warn",
63
+ "suffix": "This resource will be removed in InSpec 4.0."
64
+ },
65
+ "resource_azure_generic_resource": {
66
+ "action": "warn",
67
+ "prefix": "The azure_generic_resource is deprecated. Please use a specific resource. See: 'https://github.com/inspec/inspec/issues/3131'"
68
+ },
69
+ "resource_iis_website": {
70
+ "action": "warn",
71
+ "suffix": "This resource will be removed in InSpec 4.0.",
72
+ "comment": "Needed for ServerSpec compatibility"
73
+ },
74
+ "resource_linux_kernel_parameter": {
75
+ "action": "warn",
76
+ "suffix": "This resource will be removed in InSpec 4.0.",
77
+ "comment": "Needed for ServerSpec compatibility"
78
+ },
79
+ "resource_ppa": {
80
+ "action": "warn",
81
+ "suffix": "This resource will be removed in InSpec 4.0.",
82
+ "comment": "Needed for ServerSpec compatibility"
83
+ },
84
+ "resource_script": {
85
+ "action": "warn",
86
+ "suffix": "This resource will be removed in InSpec 4.0"
87
+ },
88
+ "resource_user_serverspec_compat": {
89
+ "action": "warn"
90
+ },
91
+ "resource_windows_registry_key": {
92
+ "action": "warn",
93
+ "suffix": "This resource will be removed in InSpec 4.0.",
94
+ "comment": "Needed for ServerSpec compatibility"
95
+ },
96
+ "serverspec_compatibility": {
97
+ "action": "warn",
98
+ "suffix": "This is only allowed for compatibility with ServerSpec"
99
+ },
100
+ "supports_syntax": {
101
+ "action": "warn"
102
+ },
103
+ "mount_parser_serverspec_compat": {
104
+ "action": "warn"
105
+ },
106
+ "wmi_non_hash_usage": {
107
+ "action": "warn",
108
+ "suffix": "This property will be removed in InSpec 4.0."
27
109
  }
28
110
  }
29
- }
111
+ }
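Review bot: Three of the added entries (`resource_user_serverspec_compat`, `supports_syntax` and `mount_parser_serverspec_compat`) carry only `"action": "warn"`, with no `prefix`, `suffix` or `comment`. JSON has no comment syntax, so the `comment` key is the only place to record why a deprecation exists; the neighbouring entries use it for this ("See #3715", "Needed for ServerSpec compatibility"). I would add a line such as `"comment": "See #<tracking-issue>"` to each of the three. Two consistency nits in the same hunk: the `resource_script` suffix ends without the full stop its siblings have, and `mount_parser_serverspec_compat` is the only added key out of alphabetical order.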
@@ -23,13 +23,15 @@ Gem::Specification.new do |spec|
23
23
  .reject { |f| File.directory?(f) || f =~ %r{lib/plugins/.*/test/} }
24
24
  spec.require_paths = ['lib']
25
25
 
26
- spec.required_ruby_version = '>= 2.3'
26
+ spec.required_ruby_version = '>= 2.4'
27
27
 
28
- spec.add_dependency 'train', '~> 1.5', '>= 1.7.2'
28
+ spec.add_dependency 'train', '~> 2.0' # Inspec 4 must have train 2+
29
29
  # Train plugins we ship with InSpec
30
30
  spec.add_dependency 'train-habitat', '~> 0.1'
31
+ spec.add_dependency 'train-aws', '~> 0.1'
31
32
 
32
33
  # Implementation dependencies
34
+ spec.add_dependency 'license-acceptance', '~> 0.2'
33
35
  spec.add_dependency 'thor', '~> 0.20'
34
36
  spec.add_dependency 'json', '>= 1.8', '< 3.0'
35
37
  spec.add_dependency 'method_source', '~> 0.8'
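Review bot: The new runtime constraints `'license-acceptance', '~> 0.2'` and `'train-aws', '~> 0.1'` accept every 0.x release at or above their floor, and pre-1.0 gems make no compatibility promise between minor versions. The cli.rb change in this same release calls `LicenseAcceptance::Acceptor.check_and_persist` before any non-exempt command, so whatever version the resolver picks runs on almost every invocation. If only the 0.2 API is needed, `spec.add_dependency 'license-acceptance', '~> 0.2.0'` would keep resolution inside that minor series. Otherwise, packaged builds should resolve from a committed lockfile rather than the open range. The `Gem::Specification` block starts and ends outside this hunk.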
@@ -164,28 +164,28 @@ module Inspec
164
164
  end
165
165
 
166
166
  def mark_text(text)
167
- # TODO: - deprecate, call cli.ui directly
167
+ Inspec.deprecate(:inspec_ui_methods)
168
168
  # Note that this one doesn't automatically print
169
169
  ui.emphasis(text, print: false)
170
170
  end
171
171
 
172
172
  def headline(title)
173
- # TODO: - deprecate, call cli.ui directly
173
+ Inspec.deprecate(:inspec_ui_methods)
174
174
  ui.headline(title)
175
175
  end
176
176
 
177
177
  def li(entry)
178
- # TODO: - deprecate, call cli.ui directly
178
+ Inspec.deprecate(:inspec_ui_methods)
179
179
  ui.list_item(entry)
180
180
  end
181
181
 
182
182
  def plain_text(msg)
183
- # TODO: - deprecate, call cli.ui directly
183
+ Inspec.deprecate(:inspec_ui_methods)
184
184
  ui.plain(msg + "\n")
185
185
  end
186
186
 
187
187
  def exit(code)
188
- # TODO: - deprecate, call cli.ui directly
188
+ Inspec.deprecate(:inspec_ui_methods)
189
189
  ui.exit code
190
190
  end
191
191
  end
@@ -39,6 +39,9 @@ class Inspec::InspecCLI < Inspec::BaseCLI
39
39
  class_option :disable_user_plugins, type: :string, banner: '',
40
40
  desc: 'Disable loading all plugins that the user installed.'
41
41
 
42
+ require 'license_acceptance/cli_flags/thor'
43
+ include LicenseAcceptance::CLIFlags::Thor
44
+
42
45
  desc 'json PATH', 'read all tests in PATH and generate a JSON summary'
43
46
  option :output, aliases: :o, type: :string,
44
47
  desc: 'Save the created profile to a path'
@@ -196,6 +199,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI
196
199
  3 Fatal deprecation encountered
197
200
  100 Normal exit, at least one test failed
198
201
  101 Normal exit, at least one test skipped but none failed
202
+ 172 Chef License not accepted
199
203
  ```
200
204
 
201
205
  Below are some examples of using `exec` with different test LOCATIONS:
@@ -373,18 +377,44 @@ class Inspec::InspecCLI < Inspec::BaseCLI
373
377
  end
374
378
  end
375
379
 
380
+ #=====================================================================#
381
+ # Pre-Flight Code
382
+ #=====================================================================#
383
+
384
+ help_commands = ['-h', '--help', 'help']
385
+ version_commands = ['-v', '--version', 'version']
386
+ commands_exempt_from_license_check = help_commands + version_commands
387
+
388
+ #---------------------------------------------------------------------#
389
+ # EULA acceptance
390
+ #---------------------------------------------------------------------#
391
+ require 'license_acceptance/acceptor'
376
392
  begin
377
- # Handle help commands
378
- # This allows you to use any of the normal help commands after the normal args.
379
- help_commands = ['-h', '--help', 'help']
380
- (help_commands & ARGV).each do |cmd|
381
- # move the help argument to one place behind the end for Thor to digest
382
- if ARGV.size > 1
383
- match = ARGV.delete(cmd)
384
- ARGV.insert(-2, match)
385
- end
393
+ if (commands_exempt_from_license_check & ARGV.map(&:downcase)).empty? && # Did they use a non-exempt command?
394
+ !ARGV.empty? # Did they supply at least one command?
395
+ LicenseAcceptance::Acceptor.check_and_persist('inspec', Inspec::VERSION)
386
396
  end
397
+ rescue LicenseAcceptance::LicenseNotAcceptedError
398
+ Inspec::Log.error 'InSpec cannot execute without accepting the license'
399
+ Inspec::UI.new.exit(:license_not_accepted)
400
+ end
387
401
 
402
+ #---------------------------------------------------------------------#
403
+ # Adjustments for help handling
404
+ # This allows you to use any of the normal help commands after the normal args.
405
+ #---------------------------------------------------------------------#
406
+ (help_commands & ARGV).each do |cmd|
407
+ # move the help argument to one place behind the end for Thor to digest
408
+ if ARGV.size > 1
409
+ match = ARGV.delete(cmd)
410
+ ARGV.insert(-2, match)
411
+ end
412
+ end
413
+
414
+ #---------------------------------------------------------------------#
415
+ # Plugin Loading
416
+ #---------------------------------------------------------------------#
417
+ begin
388
418
  # Load v2 plugins. Manually check for plugin disablement.
389
419
  omit_core = ARGV.delete('--disable-core-plugins')
390
420
  omit_user = ARGV.delete('--disable-user-plugins')
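Review bot: The license exemption compares against `ARGV.map(&:downcase)`, but the help relocation a few lines below still uses the case-sensitive `help_commands & ARGV`. An argument such as `--HELP` is therefore exempt from the license check but is never moved into place for Thor. The exemption also matches any element of ARGV, so the outcome depends on option values and paths as well as on the command. If that is intended, a comment saying so would help; otherwise make the two checks agree, for example `(commands_exempt_from_license_check & ARGV).empty? && !ARGV.empty?`. Separately, `Inspec::UI.new.exit(:license_not_accepted)` presumably relies on `UI#exit` mapping the symbol to `EXIT_LICENSE_NOT_ACCEPTED` (172), which is not visible here and is worth confirming with a test. The plugin-loading `begin` block continues past the end of this hunk.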
@@ -197,7 +197,7 @@ module Inspec
197
197
 
198
198
  def check_for_piped_config(cli_opts)
199
199
  cli_opt = cli_opts[:config] || cli_opts[:json_config]
200
- Inspec.deprecate(:cli_option_json_config, '') if cli_opts.key?(:json_config)
200
+ Inspec.deprecate(:cli_option_json_config) if cli_opts.key?(:json_config)
201
201
 
202
202
  return nil unless cli_opt
203
203
  return nil unless cli_opt == '-'
@@ -209,7 +209,7 @@ module Inspec
209
209
 
210
210
  def determine_cfg_path(cli_opts)
211
211
  path = cli_opts[:config] || cli_opts[:json_config]
212
- Inspec.deprecate(:cli_option_json_config, '') if cli_opts.key?(:json_config)
212
+ Inspec.deprecate(:cli_option_json_config) if cli_opts.key?(:json_config)
213
213
 
214
214
  if path.nil?
215
215
  default_path = File.join(Inspec.config_dir, 'config.json')
@@ -149,11 +149,9 @@ module Inspec
149
149
  nil
150
150
  when nil then nil
151
151
  else
152
- logger ||= Logger.new(nil)
153
- logger.warn(
154
- "Do not use deprecated `supports: #{x}` syntax. Instead use:\n"\
155
- "supports:\n - os-family: #{x}\n\n",
156
- )
152
+ Inspec.deprecate(:supports_syntax,
153
+ "Do not use deprecated `supports: #{x}` syntax. Instead use:\n"\
154
+ "supports:\n - os-family: #{x}\n\n")
157
155
  { :'os-family' => x } # rubocop:disable Style/HashSyntax
158
156
  end
159
157
  end
@@ -147,7 +147,10 @@ module Inspec
147
147
  end
148
148
 
149
149
  # rubocop:enable Lint/NestedMethodDefinition
150
- if __resource_registry.key?(name)
150
+
151
+ # Warn if a resource pack is overwriting a core resource.
152
+ # Suppress warning if the resource is an AWS resource, see #3822
153
+ if __resource_registry.key?(name) && !name.start_with?('aws_')
151
154
  Inspec::Log.warn("Overwriting resource #{name}. To reference a specific version of #{name} use the resource() method")
152
155
  end
153
156
  __resource_registry[name] = cl
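Review bot: The added `!name.start_with?('aws_')` condition silences the overwrite warning for every resource whose name begins with `aws_`, whichever pack registers it, not only for the inspec-aws pack that #3822 refers to. In a compliance tool this warning is the only visible sign that a dependency has replaced a core resource implementation. I would keep a lower-severity record in place of silence, for example an `elsif __resource_registry.key?(name)` branch with `Inspec::Log.debug("Overwriting core resource #{name}")`. The call also assumes `name` is a String: `Symbol#start_with?` only exists from Ruby 2.7 and the gemspec allows 2.4, so `name.to_s.start_with?('aws_')` is safer if a Symbol can reach this point, which the hunk does not show. The enclosing method begins and ends outside the hunk.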
@@ -33,6 +33,7 @@ module Inspec
33
33
  EXIT_USAGE_ERROR = 1
34
34
  EXIT_PLUGIN_ERROR = 2
35
35
  EXIT_FATAL_DEPRECATION = 3
36
+ EXIT_LICENSE_NOT_ACCEPTED = 172
36
37
  EXIT_FAILED_TESTS = 100
37
38
  EXIT_SKIPPED_TESTS = 101
38
39
 
@@ -1,8 +1,3 @@
1
- # encoding: utf-8
2
- # frozen_string_literal: true
3
- # author: Dominik Richter
4
- # author: Christoph Hartmann
5
-
6
1
  module Inspec
7
- VERSION = '3.9.3'
2
+ VERSION = '4.1.4.preview'.freeze
8
3
  end
@@ -107,6 +107,7 @@ end
107
107
  # Deprecated: You should not use this matcher anymore
108
108
  RSpec::Matchers.define :be_running do
109
109
  match do |service|
110
+ Inspec.deprecate(:serverspec_compatibility, 'The service `be_running?` matcher is deprecated.')
110
111
  service.running? == true
111
112
  end
112
113
 
@@ -5,50 +5,188 @@ This example shows the implementation of an InSpec profile for AWS.
5
5
  ## Create a profile
6
6
 
7
7
  ```
8
- $ inspec init profile --platform aws aws-security
9
- Create new profile at /Users/liamcaproni/aws-security
10
- * Create directory libraries
11
- * Create file README.md
12
- * Create directory controls
13
- * Create file controls/example.rb
14
- * Create file inspec.yml
15
- * Create file attributes.yml
16
- * Create file libraries/.gitkeep
8
+ $ inspec init profile --platform aws my-profile
9
+
10
+ ─────────────────────────── InSpec Code Generator ───────────────────────────
11
+
12
+ Creating new profile at /Users/spaterson/my-profile
13
+ Creating directory libraries
14
+ Creating file README.md
15
+ Creating directory controls
16
+ Creating file controls/example.rb
17
+ • Creating file inspec.yml
18
+ • Creating file attributes.yml
19
+ • Creating file libraries/.gitkeep
17
20
 
18
21
  ```
19
22
 
20
- ## Update `attributes.yml` to point to your custom VPC
23
+ ## Optionally update `attributes.yml` to point to your custom VPC
21
24
 
22
25
  ```
23
26
  aws_vpc_id: 'custom-vpc-id'
24
27
  ```
25
28
 
29
+ The related control will simply be skipped if this is not provided. See the [InSpec DSL documentation](https://www.inspec.io/docs/reference/dsl_inspec/) for more details on conditional execution using `only_if`.
30
+
26
31
  ## Run the tests
27
32
 
33
+ ### With a VPC Identifier
34
+
35
+ With a supplied VPC identifier in `attributes.yml` both of the example controls will run. The 'aws-single-vpc-exists-check' control will only check for a VPC identifier in the currently configured AWS SDK region e.g. `eu-west-2` in the below:
36
+
37
+ ```
38
+ $ cd my-profile/
39
+ $ inspec exec . -t aws:// --attrs attributes.yml
40
+
41
+ Profile: AWS InSpec Profile (my-profile)
42
+ Version: 0.1.0
43
+ Target: aws://eu-west-2
44
+
45
+ ✔ aws-single-vpc-exists-check: Check to see if custom VPC exists.
46
+ ✔ VPC vpc-1ea06476 should exist
47
+ ✔ aws-vpcs-check: Check in all the VPCs for default sg not allowing 22 inwards
48
+ ✔ EC2 Security Group sg-067cd21e928c3a2f1 should allow in {:port=>22}
49
+ ✔ EC2 Security Group sg-9bb3b9f3 should allow in {:port=>22}
50
+ ✔ aws-vpcs-multi-region-status-check: Check AWS VPCs in all regions have status "available"
51
+ ✔ VPC vpc-6458b70d in eu-north-1 should exist
52
+ ✔ VPC vpc-6458b70d in eu-north-1 should be available
53
+ ✔ VPC vpc-8d1390e5 in ap-south-1 should exist
54
+ ✔ VPC vpc-8d1390e5 in ap-south-1 should be available
55
+ ✔ VPC vpc-07a71d6e in eu-west-3 should exist
56
+ ✔ VPC vpc-07a71d6e in eu-west-3 should be available
57
+ ✔ VPC vpc-021630e2e767412b5 in eu-west-2 should exist
58
+ ✔ VPC vpc-021630e2e767412b5 in eu-west-2 should be available
59
+ ✔ VPC vpc-1ea06476 in eu-west-2 should exist
60
+ ✔ VPC vpc-1ea06476 in eu-west-2 should be available
61
+ ✔ VPC vpc-169dee70 in eu-west-1 should exist
62
+ ✔ VPC vpc-169dee70 in eu-west-1 should be available
63
+ ✔ VPC vpc-01ac7ba0be447a1c4 in eu-west-1 should exist
64
+ ✔ VPC vpc-01ac7ba0be447a1c4 in eu-west-1 should be available
65
+ ✔ VPC vpc-09ff83d71da9d2b6e in eu-west-1 should exist
66
+ ✔ VPC vpc-09ff83d71da9d2b6e in eu-west-1 should be available
67
+ ✔ VPC vpc-0ebccac2337a90f13 in eu-west-1 should exist
68
+ ✔ VPC vpc-0ebccac2337a90f13 in eu-west-1 should be available
69
+ ✔ VPC vpc-c2a53da4 in eu-west-1 should exist
70
+ ✔ VPC vpc-c2a53da4 in eu-west-1 should be available
71
+ ✔ VPC vpc-4fb3f127 in ap-northeast-2 should exist
72
+ ✔ VPC vpc-4fb3f127 in ap-northeast-2 should be available
73
+ ✔ VPC vpc-0804856f in ap-northeast-1 should exist
74
+ ✔ VPC vpc-0804856f in ap-northeast-1 should be available
75
+ ✔ VPC vpc-ccb917ab in sa-east-1 should exist
76
+ ✔ VPC vpc-ccb917ab in sa-east-1 should be available
77
+ ✔ VPC vpc-0afcc60c70a30a615 in ca-central-1 should exist
78
+ ✔ VPC vpc-0afcc60c70a30a615 in ca-central-1 should be available
79
+ ✔ VPC vpc-20a25048 in ca-central-1 should exist
80
+ ✔ VPC vpc-20a25048 in ca-central-1 should be available
81
+ ✔ VPC vpc-5896143f in ap-southeast-1 should exist
82
+ ✔ VPC vpc-5896143f in ap-southeast-1 should be available
83
+ ✔ VPC vpc-47972220 in ap-southeast-2 should exist
84
+ ✔ VPC vpc-47972220 in ap-southeast-2 should be available
85
+ ✔ VPC vpc-071b6f0c69d1d0311 in eu-central-1 should exist
86
+ ✔ VPC vpc-071b6f0c69d1d0311 in eu-central-1 should be available
87
+ ✔ VPC vpc-807dfdeb in eu-central-1 should exist
88
+ ✔ VPC vpc-807dfdeb in eu-central-1 should be available
89
+ ✔ VPC vpc-0be54a71311bc362d in eu-central-1 should exist
90
+ ✔ VPC vpc-0be54a71311bc362d in eu-central-1 should be available
91
+ ✔ VPC vpc-f060cd8b in us-east-1 should exist
92
+ ✔ VPC vpc-f060cd8b in us-east-1 should be available
93
+ ✔ VPC vpc-0c3a7e116c58d714b in us-east-1 should exist
94
+ ✔ VPC vpc-0c3a7e116c58d714b in us-east-1 should be available
95
+ ✔ VPC vpc-047bff6c in us-east-2 should exist
96
+ ✔ VPC vpc-047bff6c in us-east-2 should be available
97
+ ✔ VPC vpc-93dd6ef4 in us-west-1 should exist
98
+ ✔ VPC vpc-93dd6ef4 in us-west-1 should be available
99
+ ✔ VPC vpc-2c0a6a55 in us-west-2 should exist
100
+ ✔ VPC vpc-2c0a6a55 in us-west-2 should be available
101
+
102
+
103
+ Profile: Amazon Web Services Resource Pack (inspec-aws)
104
+ Version: 0.1.0
105
+ Target: aws://eu-west-2
106
+
107
+ No tests executed.
108
+
109
+ Profile Summary: 3 successful controls, 0 control failures, 0 controls skipped
110
+ Test Summary: 53 successful, 0 failures, 0 skipped
111
+ ```
112
+
113
+
114
+ ### Without Supplying a VPC Identifier
115
+
116
+ If no VPC identifier is supplied, the 'aws-single-vpc-exists-check' control is skipped and the other control runs. The `attributes.yml` file does not have to be specified to InSpec in this case.
117
+
28
118
  ```
29
- $ cd aws-profile/
30
- $ inspec exec -t aws://eu-west-1/test-iam-profile --attrs attributes.yml aws-security
119
+ $ cd my-profile/
120
+ $ inspec exec . -t aws://
31
121
 
32
- Profile: InSpec Profile (aws-security)
122
+ Profile: AWS InSpec Profile (my-profile)
33
123
  Version: 0.1.0
34
124
  Target: aws://eu-west-2
35
125
 
36
- aws-vpc-check: Check to see if custom VPC exists.
37
- VPC vpc-0014dad216b7664e3 should exist
126
+ aws-single-vpc-exists-check: Check to see if custom VPC exists.
127
+ Skipped control due to only_if condition.
38
128
  ✔ aws-vpcs-check: Check in all the VPCs for default sg not allowing 22 inwards
39
- ✔ EC2 Security Group sg-05cd285a7499ee2bf should allow in {:port=>22}
40
- ✔ EC2 Security Group sg-0f0faf6d01eafc65d should allow in {:port=>22}
41
- EC2 Security Group sg-0cb134808cb42f188 should allow in {:port=>22}
42
- EC2 Security Group sg-06b2ae6dea43e32b6 should allow in {:port=>22}
43
- EC2 Security Group sg-0fc81264868480768 should allow in {:port=>22}
44
- EC2 Security Group sg-0cc3c94d414fdcd1b should allow in {:port=>22}
45
- EC2 Security Group sg-0abe7f61 should allow in {:port=>22}
46
- EC2 Security Group sg-0f346bed179f1e6ad should allow in {:port=>22}
47
- EC2 Security Group sg-0ff737c3be7a370ab should allow in {:port=>22}
48
- EC2 Security Group sg-0f37838285d37d035 should allow in {:port=>22}
49
- EC2 Security Group sg-001651d64991000f7 should allow in {:port=>22}
129
+ ✔ EC2 Security Group sg-067cd21e928c3a2f1 should allow in {:port=>22}
130
+ ✔ EC2 Security Group sg-9bb3b9f3 should allow in {:port=>22}
131
+ aws-vpcs-multi-region-status-check: Check AWS VPCs in all regions have status "available"
132
+ VPC vpc-6458b70d in eu-north-1 should exist
133
+ VPC vpc-6458b70d in eu-north-1 should be available
134
+ VPC vpc-8d1390e5 in ap-south-1 should exist
135
+ VPC vpc-8d1390e5 in ap-south-1 should be available
136
+ VPC vpc-07a71d6e in eu-west-3 should exist
137
+ VPC vpc-07a71d6e in eu-west-3 should be available
138
+ VPC vpc-021630e2e767412b5 in eu-west-2 should exist
139
+ VPC vpc-021630e2e767412b5 in eu-west-2 should be available
140
+ ✔ VPC vpc-1ea06476 in eu-west-2 should exist
141
+ ✔ VPC vpc-1ea06476 in eu-west-2 should be available
142
+ ✔ VPC vpc-169dee70 in eu-west-1 should exist
143
+ ✔ VPC vpc-169dee70 in eu-west-1 should be available
144
+ ✔ VPC vpc-01ac7ba0be447a1c4 in eu-west-1 should exist
145
+ ✔ VPC vpc-01ac7ba0be447a1c4 in eu-west-1 should be available
146
+ ✔ VPC vpc-09ff83d71da9d2b6e in eu-west-1 should exist
147
+ ✔ VPC vpc-09ff83d71da9d2b6e in eu-west-1 should be available
148
+ ✔ VPC vpc-0ebccac2337a90f13 in eu-west-1 should exist
149
+ ✔ VPC vpc-0ebccac2337a90f13 in eu-west-1 should be available
150
+ ✔ VPC vpc-c2a53da4 in eu-west-1 should exist
151
+ ✔ VPC vpc-c2a53da4 in eu-west-1 should be available
152
+ ✔ VPC vpc-4fb3f127 in ap-northeast-2 should exist
153
+ ✔ VPC vpc-4fb3f127 in ap-northeast-2 should be available
154
+ ✔ VPC vpc-0804856f in ap-northeast-1 should exist
155
+ ✔ VPC vpc-0804856f in ap-northeast-1 should be available
156
+ ✔ VPC vpc-ccb917ab in sa-east-1 should exist
157
+ ✔ VPC vpc-ccb917ab in sa-east-1 should be available
158
+ ✔ VPC vpc-0afcc60c70a30a615 in ca-central-1 should exist
159
+ ✔ VPC vpc-0afcc60c70a30a615 in ca-central-1 should be available
160
+ ✔ VPC vpc-20a25048 in ca-central-1 should exist
161
+ ✔ VPC vpc-20a25048 in ca-central-1 should be available
162
+ ✔ VPC vpc-5896143f in ap-southeast-1 should exist
163
+ ✔ VPC vpc-5896143f in ap-southeast-1 should be available
164
+ ✔ VPC vpc-47972220 in ap-southeast-2 should exist
165
+ ✔ VPC vpc-47972220 in ap-southeast-2 should be available
166
+ ✔ VPC vpc-071b6f0c69d1d0311 in eu-central-1 should exist
167
+ ✔ VPC vpc-071b6f0c69d1d0311 in eu-central-1 should be available
168
+ ✔ VPC vpc-807dfdeb in eu-central-1 should exist
169
+ ✔ VPC vpc-807dfdeb in eu-central-1 should be available
170
+ ✔ VPC vpc-0be54a71311bc362d in eu-central-1 should exist
171
+ ✔ VPC vpc-0be54a71311bc362d in eu-central-1 should be available
172
+ ✔ VPC vpc-f060cd8b in us-east-1 should exist
173
+ ✔ VPC vpc-f060cd8b in us-east-1 should be available
174
+ ✔ VPC vpc-0c3a7e116c58d714b in us-east-1 should exist
175
+ ✔ VPC vpc-0c3a7e116c58d714b in us-east-1 should be available
176
+ ✔ VPC vpc-047bff6c in us-east-2 should exist
177
+ ✔ VPC vpc-047bff6c in us-east-2 should be available
178
+ ✔ VPC vpc-93dd6ef4 in us-west-1 should exist
179
+ ✔ VPC vpc-93dd6ef4 in us-west-1 should be available
180
+ ✔ VPC vpc-2c0a6a55 in us-west-2 should exist
181
+ ✔ VPC vpc-2c0a6a55 in us-west-2 should be available
50
182
 
51
183
 
184
+ Profile: Amazon Web Services Resource Pack (inspec-aws)
185
+ Version: 0.1.0
186
+ Target: aws://eu-west-2
52
187
 
188
+ No tests executed.
53
189
 
190
+ Profile Summary: 2 successful controls, 0 control failures, 1 control skipped
191
+ Test Summary: 52 successful, 0 failures, 1 skipped
54
192
  ```