mirror of
https://github.com/inspec/inspec
synced 2024-12-23 11:33:14 +00:00
71 lines
2.5 KiB
Ruby
71 lines
2.5 KiB
Ruby
|
fixtures = {}
|
||
|
[
|
||
|
'cloudtrail_trail_1_cloud_watch_logs_group_arn',
|
||
|
'cloudtrail_trail_1_cloud_watch_logs_role_arn',
|
||
|
'cloudtrail_trail_1_key_arn',
|
||
|
'cloudtrail_trail_1_name',
|
||
|
'cloudtrail_trail_1_arn',
|
||
|
'cloudtrail_trail_1_s3_bucket_name',
|
||
|
'cloudtrail_trail_2_name',
|
||
|
'cloudtrail_trail_2_arn',
|
||
|
'cloudtrail_trail_2_s3_bucket_name'
|
||
|
].each do |fixture_name|
|
||
|
fixtures[fixture_name] = attribute(
|
||
|
fixture_name,
|
||
|
default: "default.#{fixture_name}",
|
||
|
description: 'See ../build/cloudtrail.tf',
|
||
|
)
|
||
|
end
|
||
|
|
||
|
control "aws_cloudtrail_trail recall" do
|
||
|
describe aws_cloudtrail_trail(fixtures['cloudtrail_trail_1_name']) do
|
||
|
it { should exist}
|
||
|
end
|
||
|
|
||
|
describe aws_cloudtrail_trail(trail_name: fixtures['cloudtrail_trail_2_name']) do
|
||
|
it { should exist }
|
||
|
end
|
||
|
|
||
|
describe aws_cloudtrail_trail('non-existant-trail') do
|
||
|
it { should_not exist }
|
||
|
end
|
||
|
end
|
||
|
|
||
|
control "aws_cloudtrail_trail properties" do
|
||
|
describe aws_cloudtrail_trail(fixtures['cloudtrail_trail_1_name']) do
|
||
|
its('s3_bucket_name') { should eq fixtures['cloudtrail_trail_1_s3_bucket_name'] }
|
||
|
its('trail_arn') { should eq fixtures['cloudtrail_trail_1_arn'] }
|
||
|
its('cloud_watch_logs_role_arn') { should eq fixtures['cloudtrail_trail_1_cloud_watch_logs_role_arn'] }
|
||
|
its('cloud_watch_logs_log_group_arn') { should eq fixtures['cloudtrail_trail_1_cloud_watch_logs_group_arn']}
|
||
|
its('kms_key_id') { should eq fixtures['cloudtrail_trail_1_key_arn'] }
|
||
|
end
|
||
|
describe aws_cloudtrail_trail(fixtures['cloudtrail_trail_2_name']) do
|
||
|
its('s3_bucket_name') { should eq fixtures['cloudtrail_trail_2_s3_bucket_name'] }
|
||
|
its('trail_arn') { should eq fixtures['cloudtrail_trail_2_arn'] }
|
||
|
its('cloud_watch_logs_role_arn') { should be_nil }
|
||
|
its('cloud_watch_logs_log_group_arn') { should be_nil}
|
||
|
its('kms_key_id') { should be_nil }
|
||
|
end
|
||
|
end
|
||
|
|
||
|
control "aws_cloudtrail_trail matchers" do
|
||
|
describe aws_cloudtrail_trail(fixtures['cloudtrail_trail_1_name']) do
|
||
|
it { should be_encrypted }
|
||
|
end
|
||
|
describe aws_cloudtrail_trail(fixtures['cloudtrail_trail_2_name']) do
|
||
|
it { should_not be_encrypted }
|
||
|
end
|
||
|
describe aws_cloudtrail_trail(fixtures['cloudtrail_trail_1_name']) do
|
||
|
it { should be_multi_region_trail }
|
||
|
end
|
||
|
describe aws_cloudtrail_trail(fixtures['cloudtrail_trail_2_name']) do
|
||
|
it { should_not be_multi_region_trail }
|
||
|
end
|
||
|
describe aws_cloudtrail_trail(fixtures['cloudtrail_trail_1_name']) do
|
||
|
it { should be_log_file_validation_enabled }
|
||
|
end
|
||
|
describe aws_cloudtrail_trail(fixtures['cloudtrail_trail_2_name']) do
|
||
|
it { should_not be_log_file_validation_enabled }
|
||
|
end
|
||
|
end
|