# author: Alex Bedley
# author: Steffanie Freeman
# author: Simon Varlow
# author: Chris Redekop
# InSpec resource that exposes properties of a single AWS IAM user so a
# compliance profile can assert on them (MFA state, console password,
# access keys).
#
# All data comes from the hash returned by the injected user provider; this
# class performs no AWS calls of its own.
class AwsIamUser < Inspec.resource(1)
  name 'aws_iam_user'
  desc 'Verifies settings for AWS IAM user'
  # NOTE(review): the sample below only illustrates matcher syntax. It asserts
  # that MFA is *disabled* on a user who has a console password; a hardening
  # profile would normally expect has_mfa_enabled? to be true for such a user.
  example "
    describe aws_iam_user('test_user_name') do
      its('has_mfa_enabled?') { should be false }
      its('has_console_password?') { should be true }
    end
  "

  # Looks the user up once, at construction time, and keeps the result.
  #
  # @param name [String] IAM user name to inspect
  # @param aws_user_provider [#user] object whose #user(name) returns the
  #   user's details; the readers below index it with the symbols
  #   :has_mfa_enabled?, :has_console_password? and :access_keys
  # @param access_key_factory [#create_access_key] builds the resource
  #   returned for each entry of the user's access keys
  #
  # NOTE(review): what the provider returns for a user that does not exist is
  # not visible here; if it is nil, every reader below raises NoMethodError.
  def initialize(name, aws_user_provider = AwsIam::UserProvider.new,
                 access_key_factory = AwsIamAccessKeyFactory.new)
    @name = name
    @access_key_factory = access_key_factory
    @user = aws_user_provider.user(name)
  end

  # @return the value the provider stored under :has_mfa_enabled?
  def has_mfa_enabled?
    @user[:has_mfa_enabled?]
  end

  # @return the value the provider stored under :has_console_password?
  def has_console_password?
    @user[:has_console_password?]
  end

  # Wraps every raw access-key entry of the user in the object produced by
  # the access key factory.
  #
  # @return [Array] one factory-built object per entry in :access_keys
  def access_keys
    @user[:access_keys].map do |key_data|
      @access_key_factory.create_access_key(key_data)
    end
  end

  # Default factory; exists so tests can inject a substitute through
  # #initialize instead of constructing real AwsIamAccessKey resources.
  class AwsIamAccessKeyFactory
    # @param access_key raw access-key entry taken from the user hash
    # @return [AwsIamAccessKey] resource built from that entry
    def create_access_key(access_key)
      options = { access_key: access_key }
      AwsIamAccessKey.new(options)
    end
  end
end