# Terraform-provisioned fixture values (see ../build/ec2.tf), keyed by input name.
# When an input is not supplied at run time it falls back to the placeholder
# "default.<name>", which is not a valid AWS identifier, so the positive
# lookups in the controls below fail visibly instead of passing on a missing fixture.
fixtures = %w[
  ec2_security_group_default_vpc_id
  ec2_security_group_default_group_id
].each_with_object({}) do |fixture_name, lookup|
  lookup[fixture_name] = attribute(
    fixture_name,
    default: "default.#{fixture_name}",
    description: 'See ../build/ec2.tf',
  )
end
control "aws_security_groups client-side filtering" do
  security_groups = aws_ec2_security_groups
  default_vpc_id = fixtures['ec2_security_group_default_vpc_id']

  # An account always has at least one security group, so the unfiltered
  # resource must report something.
  describe security_groups do
    it { should exist }
  end

  # Filtering on the fixture VPC id must match; a VPC id that was never
  # created must not.
  describe security_groups.where(vpc_id: default_vpc_id) do
    it { should exist }
  end
  describe security_groups.where(vpc_id: 'vpc-12345678') do
    it { should_not exist }
  end

  # Same pair of checks on group_name: the group named "default" exists,
  # a made-up name does not.
  describe security_groups.where(group_name: 'default') do
    it { should exist }
  end
  describe security_groups.where(group_name: 'no-such-security-group') do
    it { should_not exist }
  end
end
control "aws_security_groups properties" do
  default_vpc_id = fixtures['ec2_security_group_default_vpc_id']
  default_group_id = fixtures['ec2_security_group_default_group_id']

  # The security groups of the fixture VPC must include the fixture's default
  # group id, i.e. the group_ids property is populated for the filtered set.
  describe aws_ec2_security_groups.where(vpc_id: default_vpc_id) do
    its('group_ids') { should include default_group_id }
  end
end