# author: Alex Bedley
# author: Steffanie Freeman
# author: Simon Varlow
# author: Chris Redekop
# InSpec resource exposing the credential posture of a single AWS IAM user:
# MFA status, console-password presence and the user's access keys.
#
# All answers are delegated to a user-details provider built in #initialize;
# this class performs no lookups of its own beyond resolving the user.
#
# NOTE(review): console password + MFA and access keys are separate
# credential paths. A user that passes both matchers in the example below can
# still hold access keys, so a profile auditing a user should also assert on
# #access_keys rather than rely on the MFA/console checks alone.
class AwsIamUser < Inspec.resource(1)
  name 'aws_iam_user'
  desc 'Verifies settings for AWS IAM user'
  example "
    describe aws_iam_user(name: 'test_user') do
      it { should have_mfa_enabled }
      it { should_not have_console_password }
    end
  "

  # Resolves the IAM user and wires up the collaborators.
  #
  # @param opts [Hash] `:user` supplies an already-resolved user object; when
  #   it is nil the user is looked up by `:name` through aws_user_provider.
  # @param aws_user_provider [#user] resolves a user from its name.
  # @param aws_user_details_provider_ini [#create] builds the details
  #   provider for the resolved user.
  # @param access_key_factory [#create_access_key] wraps each raw access key.
  #
  # The collaborators are injectable (presumably so tests can substitute
  # fakes for the real AWS-backed providers -- confirm against the specs).
  def initialize(
    opts,
    aws_user_provider = AwsIam::UserProvider.new,
    aws_user_details_provider_ini = AwsIam::UserDetailsProviderInitializer.new,
    access_key_factory = AwsIamAccessKeyFactory.new
  )
    supplied_user = opts[:user]
    # Only a nil :user triggers the by-name lookup; any other value is used as given.
    resolved_user = supplied_user.nil? ? aws_user_provider.user(opts[:name]) : supplied_user

    @access_key_factory = access_key_factory
    @aws_user_details_provider = aws_user_details_provider_ini.create(resolved_user)
  end

  # Backs the `have_mfa_enabled` matcher.
  #
  # @return whatever the details provider reports for MFA on this user.
  def has_mfa_enabled?
    details = @aws_user_details_provider
    details.has_mfa_enabled?
  end

  # Backs the `have_console_password` matcher.
  #
  # @return whatever the details provider reports for a console password.
  def has_console_password?
    details = @aws_user_details_provider
    details.has_console_password?
  end

  # Access keys of this user, each wrapped by the configured factory.
  #
  # @return [Array] one factory-built object per key reported by the
  #   details provider, in the provider's order.
  def access_keys
    raw_keys = @aws_user_details_provider.access_keys
    raw_keys.map do |raw_key|
      @access_key_factory.create_access_key(raw_key)
    end
  end

  # Instance-level name of the IAM user as reported by the details provider.
  # This is separate from the class-level `name 'aws_iam_user'` declaration.
  def name
    details = @aws_user_details_provider
    details.name
  end

  # Human-readable label for this resource.
  def to_s
    "IAM User #{name}"
  end

  # Default factory turning a raw access key into an AwsIamAccessKey resource.
  class AwsIamAccessKeyFactory
    # @param access_key the raw key object to wrap.
    # @return [AwsIamAccessKey] resource built from an explicit options hash.
    def create_access_key(access_key)
      # Passed as an explicit Hash (not keywords) to keep the original call shape.
      key_opts = { access_key: access_key }
      AwsIamAccessKey.new(key_opts)
    end
  end
end