inspec/lib/resource_support/aws/aws_resource_mixin.rb

63 lines
2.4 KiB
Ruby
Raw Normal View History

DRY up AWS resource implementation and test backend implementations (#121) * Standardize requires in unit tests Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Standardize requires in resources Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Move AWS connection hook into non-resource library area Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Add an AWS resource mixin, pushing constructor out to it Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Push resource param name recognition into mixin Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Push exists predicate up to mixin Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Rename base.rb to be resource_mixin for clarity Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Separate the backend from its factory, and push it out into a class mixin Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Push BackendFactory up into the resource mixin Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * De-linting Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Remove aws_conn require from LMF and CloudWatch Alarm filters Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Use resource mixin for Cloudwatch Alarm Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Rework LMF to use the resource mixin Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Rubocop. Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Remove SDK load from connection.rb; that happens in aws.rb now Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Mixin should default to allowing empty resource params Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Update LMF to enforce params being required Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-12-04 18:32:13 +00:00
module AwsResourceMixin
def initialize(resource_params = {})
validate_params(resource_params).each do |param, value|
instance_variable_set(:"@#{param}", value)
end
catch_aws_errors do
fetch_from_api
end
end
# Default implementation of validate params accepts everything.
def validate_params(resource_params)
resource_params
DRY up AWS resource implementation and test backend implementations (#121) * Standardize requires in unit tests Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Standardize requires in resources Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Move AWS connection hook into non-resource library area Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Add an AWS resource mixin, pushing constructor out to it Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Push resource param name recognition into mixin Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Push exists predicate up to mixin Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Rename base.rb to be resource_mixin for clarity Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Separate the backend from its factory, and push it out into a class mixin Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Push BackendFactory up into the resource mixin Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * De-linting Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Remove aws_conn require from LMF and CloudWatch Alarm filters Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Use resource mixin for Cloudwatch Alarm Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Rework LMF to use the resource mixin Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Rubocop. Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Remove SDK load from connection.rb; that happens in aws.rb now Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Mixin should default to allowing empty resource params Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Update LMF to enforce params being required Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-12-04 18:32:13 +00:00
end
def check_resource_param_names(raw_params: {}, allowed_params: [], allowed_scalar_name: nil, allowed_scalar_type: nil)
# Some resources allow passing in a single ID value. Check and convert to hash if so.
if allowed_scalar_name && !raw_params.is_a?(Hash)
value_seen = raw_params
if value_seen.is_a?(allowed_scalar_type)
raw_params = { allowed_scalar_name => value_seen }
else
raise ArgumentError, 'If you pass a single value to the resource, it must ' \
"be a #{allowed_scalar_type}, not an #{value_seen.class}."
end
end
# Remove all expected params from the raw param hash
recognized_params = {}
allowed_params.each do |expected_param|
recognized_params[expected_param] = raw_params.delete(expected_param) if raw_params.key?(expected_param)
end
# Any leftovers are unwelcome
unless raw_params.empty?
raise ArgumentError, "Unrecognized resource param '#{raw_params.keys.first}'. Expected parameters: #{allowed_params.join(', ')}"
end
recognized_params
end
def inspec_runner
# When running under inspec-cli, we have an 'inspec' method that
# returns the runner. When running under unit tests, we don't
# have that, but we still have to call this to pass something
# (nil is OK) to the backend.
# TODO: remove with https://github.com/chef/inspec-aws/issues/216
inspec if respond_to?(:inspec)
DRY up AWS resource implementation and test backend implementations (#121) * Standardize requires in unit tests Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Standardize requires in resources Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Move AWS connection hook into non-resource library area Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Add an AWS resource mixin, pushing constructor out to it Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Push resource param name recognition into mixin Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Push exists predicate up to mixin Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Rename base.rb to be resource_mixin for clarity Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Separate the backend from its factory, and push it out into a class mixin Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Push BackendFactory up into the resource mixin Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * De-linting Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Remove aws_conn require from LMF and CloudWatch Alarm filters Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Use resource mixin for Cloudwatch Alarm Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Rework LMF to use the resource mixin Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Rubocop. Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Remove SDK load from connection.rb; that happens in aws.rb now Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Mixin should default to allowing empty resource params Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Update LMF to enforce params being required Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-12-04 18:32:13 +00:00
end
# Intercept AWS exceptions
def catch_aws_errors
yield
rescue Aws::Errors::MissingCredentialsError
# The AWS error here is unhelpful:
# "unable to sign request without credentials set"
Inspec::Log.error "It appears that you have not set your AWS credentials. You may set them using environment variables, or using the 'aws://region/aws_credentials_profile' target. See https://www.inspec.io/docs/reference/platforms for details."
fail_resource('No AWS credentials available')
rescue Aws::Errors::ServiceError => e
fail_resource e.message
end
DRY up AWS resource implementation and test backend implementations (#121) * Standardize requires in unit tests Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Standardize requires in resources Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Move AWS connection hook into non-resource library area Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Add an AWS resource mixin, pushing constructor out to it Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Push resource param name recognition into mixin Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Push exists predicate up to mixin Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Rename base.rb to be resource_mixin for clarity Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Separate the backend from its factory, and push it out into a class mixin Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Push BackendFactory up into the resource mixin Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * De-linting Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Remove aws_conn require from LMF and CloudWatch Alarm filters Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Use resource mixin for Cloudwatch Alarm Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Rework LMF to use the resource mixin Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Rubocop. Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Remove SDK load from connection.rb; that happens in aws.rb now Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Mixin should default to allowing empty resource params Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Update LMF to enforce params being required Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-12-04 18:32:13 +00:00
end