inspec/libraries/aws_iam_password_policy.rb

# author: Viktor Yakovlyev
class AwsIamPasswordPolicy < Inspec.resource(1)
  name 'aws_iam_password_policy'
  desc 'Verifies iam password policy'

  example "
    describe aws_iam_password_policy do
      its('requires_lowercase_characters?') { should be true }
    end

    describe aws_iam_password_policy do
      its('requires_uppercase_characters?') { should be true }
    end
  "

  def initialize(conn = AWSConnection.new)
    @policy = conn.iam_resource.account_password_policy
  rescue Aws::IAM::Errors::NoSuchEntity
    @policy = nil
  end

  def exists?
    !@policy.nil?
  end

  def requires_lowercase_characters?
    @policy.require_lowercase_characters
  end

  def requires_uppercase_characters?
    @policy.require_uppercase_characters
  end

  def minimum_password_length
    @policy.minimum_password_length
  end

  def requires_numbers?
    @policy.require_numbers
  end

  def requires_symbols?
    @policy.require_symbols
  end

  def allows_users_to_change_password?
    @policy.allow_users_to_change_password
  end

  def expires_passwords?
    @policy.expire_passwords
  end

  def max_password_age
    raise 'this policy does not expire passwords' unless expires_passwords?
    @policy.max_password_age
  end

  def prevents_password_reuse?
    !@policy.password_reuse_prevention.nil?
  end

  def number_of_passwords_to_remember
    raise 'this policy does not prevent password reuse' \
      unless prevents_password_reuse?
    @policy.password_reuse_prevention
  end

  def to_s
    'IAM Password-Policy'
  end
end
Add iam password policy Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com> wire up mock resource twice Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com> cleaning up as per pr feedback Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com> style fixes Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com> fix indent in test Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com> remove unneeded line Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com> use minitest mock instead of object Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com> 2017-04-06 19:12:19 +00:00			`# author: Viktor Yakovlyev`
Update resource based on PR feedback Signed-off-by: Chris Redekop <chris.redekop@d2l.com> 2017-04-28 10:50:26 +00:00			`class AwsIamPasswordPolicy < Inspec.resource(1)`
			`name 'aws_iam_password_policy'`
Add iam password policy Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com> wire up mock resource twice Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com> cleaning up as per pr feedback Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com> style fixes Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com> fix indent in test Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com> remove unneeded line Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com> use minitest mock instead of object Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com> 2017-04-06 19:12:19 +00:00			`desc 'Verifies iam password policy'`

			`example "`
Update resource based on PR feedback Signed-off-by: Chris Redekop <chris.redekop@d2l.com> 2017-04-28 10:50:26 +00:00			`describe aws_iam_password_policy do`
Correct examples in `aws_iam_password_policy` (#99) Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> 2017-10-12 15:54:55 +00:00			`its('requires_lowercase_characters?') { should be true }`
Add iam password policy Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com> wire up mock resource twice Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com> cleaning up as per pr feedback Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com> style fixes Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com> fix indent in test Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com> remove unneeded line Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com> use minitest mock instead of object Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com> 2017-04-06 19:12:19 +00:00			`end`

Update resource based on PR feedback Signed-off-by: Chris Redekop <chris.redekop@d2l.com> 2017-04-28 10:50:26 +00:00			`describe aws_iam_password_policy do`
Correct examples in `aws_iam_password_policy` (#99) Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> 2017-10-12 15:54:55 +00:00			`its('requires_uppercase_characters?') { should be true }`
Add iam password policy Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com> wire up mock resource twice Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com> cleaning up as per pr feedback Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com> style fixes Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com> fix indent in test Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com> remove unneeded line Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com> use minitest mock instead of object Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com> 2017-04-06 19:12:19 +00:00			`end`
			`"`

			`def initialize(conn = AWSConnection.new)`
			`@policy = conn.iam_resource.account_password_policy`
			`rescue Aws::IAM::Errors::NoSuchEntity`
			`@policy = nil`
			`end`

			`def exists?`
			`!@policy.nil?`
			`end`

			`def requires_lowercase_characters?`
			`@policy.require_lowercase_characters`
			`end`

			`def requires_uppercase_characters?`
			`@policy.require_uppercase_characters`
			`end`

			`def minimum_password_length`
			`@policy.minimum_password_length`
			`end`

			`def requires_numbers?`
			`@policy.require_numbers`
			`end`

			`def requires_symbols?`
			`@policy.require_symbols`
			`end`

			`def allows_users_to_change_password?`
			`@policy.allow_users_to_change_password`
			`end`
add 1.11, password expiry and password expiry time in days, fix examples Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com> check for unset password expiry Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com> pr changes Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com> 2017-04-13 19:00:04 +00:00
			`def expires_passwords?`
			`@policy.expire_passwords`
			`end`

			`def max_password_age`
			`raise 'this policy does not expire passwords' unless expires_passwords?`
			`@policy.max_password_age`
			`end`
[ISSUE-36] - Cover Recommendation 1.10 (#47) * Add query for password_reuse_prevention to iam_password_policy Signed-off-by: Miles Tjandrawidjaja <miles@tjandrawidjaja.com> * Use mock over stub, and more concise language for tests in aws_iam_password_policy Signed-off-by: Miles Tjandrawidjaja <miles@tjandrawidjaja.com> * Rename method prevent_password_reuse to prevents_password_reuse Signed-off-by: Miles Tjandrawidjaja <miles@tjandrawidjaja.com> 2017-06-13 05:41:43 +00:00
			`def prevents_password_reuse?`
			`!@policy.password_reuse_prevention.nil?`
			`end`

			`def number_of_passwords_to_remember`
			`raise 'this policy does not prevent password reuse' \`
			`unless prevents_password_reuse?`
			`@policy.password_reuse_prevention`
			`end`
Add to_s method to aws_iam_password_policy (#61) * Add to_s method to aws_iam_password_policy Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com> * Use single quoted string and remove unnecessary substring Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com> 2017-06-29 10:03:20 +00:00
			`def to_s`
			`'IAM Password-Policy'`
			`end`
Add iam password policy Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com> wire up mock resource twice Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com> cleaning up as per pr feedback Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com> style fixes Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com> fix indent in test Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com> remove unneeded line Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com> use minitest mock instead of object Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com> 2017-04-06 19:12:19 +00:00			`end`