New Skeletal Resource aws_sns_topics (#2696)

* Initial commit of skeletal resource aws_sns_topics
* Adds clarification in documentation
* Adds functionality for calling the next token returned from aws api.
* Wraps api calls in the catch_aws_errs method

Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>

docs/resources/aws_sns_topics.md.erb

@@ -0,0 +1,52 @@
+---
+title: About the aws_sns_topics Resource
+---
+
+# aws\_sns\_topics
+Use the `aws_sns_topics` InSpec audit resource to test all or a group of the SNS Topic ARNs in an account.
+
+User the 'aws_sns_topic' InSpec audit resource to test a single SNS Topic in an account.
+
+<br>
+
+## Syntax
+
+An `aws_sns_topics` resource block takes no filter conditions.
+
+    # Get all SNS Topic arns
+    describe aws_sns_topics do
+      its('topic_arns') { should include 'arn:aws:sns:us-east-1:333344445555:MyTopic' }
+    end
+
+<br>
+
+## Examples
+
+The following examples show how to use this InSpec audit resource.
+
+As this is the initial release of `aws_sns_topics`, its limited functionality precludes examples.
+
+<br>
+
+## Matchers
+
+### exists
+
+The control will pass if the filter returns at least one result. Use should_not if you expect zero matches.
+
+    # Test if there is any SNS Topics
+    describe aws_sns_topics
+      it { should exist }
+    end
+
+
+## Properties
+
+### topic\_arns
+
+Provides an array of all SNS Topic arns.
+
+    # Test that a specific SNS Topic exists
+    describe aws_sns_topics do
+      its('topic_arns') { should include 'arn:aws:sns:us-east-1:333344445555:MyTopic' }
+    end

lib/resource_support/aws.rb

@@ -36,6 +36,7 @@ require 'resources/aws/aws_s3_bucket_object'
 require 'resources/aws/aws_security_group'
 require 'resources/aws/aws_security_groups'
 require 'resources/aws/aws_sns_topic'
+require 'resources/aws/aws_sns_topics'
 require 'resources/aws/aws_subnet'
 require 'resources/aws/aws_subnets'
 require 'resources/aws/aws_vpc'

lib/resources/aws/aws_sns_topics.rb

@@ -0,0 +1,56 @@
+class AwsSnsTopics < Inspec.resource(1)
+  name 'aws_sns_topics'
+  desc 'Verifies settings for SNS Topics in bulk'
+  example "
+    describe aws_sns_topics do
+      its('topic_arns') { should include '' }
+    end
+  "
+  supports platform: 'aws'
+
+  include AwsPluralResourceMixin
+
+  def validate_params(resource_params)
+    unless resource_params.empty?
+      raise ArgumentError, 'aws_sns_topics does not accept resource parameters.'
+    end
+    resource_params
+  end
+
+  def fetch_from_api
+    backend = BackendFactory.create(inspec_runner)
+    @table = []
+    pagination_opts = nil
+    catch_aws_errors do
+      loop do
+        api_result = backend.list_topics(pagination_opts)
+        @table += api_result.topics.map(&:to_h)
+        break if api_result.next_token.nil?
+        pagination_opts = { next_token: api_result.next_token }
+      end
+    end
+  end
+
+  # Underlying FilterTable implementation.
+  filter = FilterTable.create
+  filter.add_accessor(:where)
+        .add_accessor(:entries)
+        .add(:exists?) { |x| !x.entries.empty? }
+        .add(:topic_arns, field: :topic_arn)
+  filter.connect(self, :table)
+
+  def to_s
+    'EC2 SNS Topics'
+  end
+
+  class Backend
+    class AwsClientApi < AwsBackendBase
+      BackendFactory.set_default_backend self
+      self.aws_client_class = Aws::SNS::Client
+
+      def list_topics(pagination_opts)
+        aws_service_client.list_topics(pagination_opts)
+      end
+    end
+  end
+end

test/integration/aws/default/verify/controls/aws_sns_topics.rb

@@ -0,0 +1,24 @@
+fixtures = {}
+[
+  'sns_topic_recall_hit_arn',
+].each do |fixture_name|
+  fixtures[fixture_name] = attribute(
+    fixture_name,
+    default: "default.#{fixture_name}",
+    description: 'See ../build/sns.tf',
+  )
+end
+
+control "aws_sns_topics recall" do
+  # Check if there is at least one sns topic
+  describe aws_sns_topics do
+    it { should exist }
+  end
+end
+
+control "aws_sns_topics properties" do
+  # you should be able to get a list of all SNS Topic arns
+  describe aws_sns_topics do
+    its('topic_arns') { should include fixtures['sns_topic_recall_hit_arn'] }
+  end
+end

test/unit/resources/aws_sns_topics_test.rb

@@ -0,0 +1,54 @@
+require 'helper'
+
+# MSTB = MockSnsTopicsBackend
+# Abbreviation not used outside this file
+
+#=============================================================================#
+#                            Constructor Tests
+#=============================================================================#
+class AwsSnsTopicsConstructor < Minitest::Test
+  def setup
+    AwsSnsTopics::BackendFactory.select(AwsMSTB::Basic)
+  end
+
+  def test_constructor_no_args_ok
+    AwsSnsTopics.new
+  end
+
+  def test_constructor_reject_unknown_resource_params
+    assert_raises(ArgumentError) { AwsSnsTopics.new(bla: 'blabla') }
+  end
+end
+
+#=============================================================================#
+#                            Properties
+#=============================================================================#
+class AwsSnsTopicsProperties < Minitest::Test
+  def setup
+    AwsSnsTopics::BackendFactory.select(AwsMSTB::Basic)
+  end
+
+  def test_property_topics_arns
+    basic = AwsSnsTopics.new
+    assert_kind_of(Array, basic.topic_arns)
+    assert(basic.topic_arns.include?('arn:aws:sns:us-east-1:212312313:test-topic-01'))
+    assert(basic.topic_arns.include?('arn:aws:sns:us-east-1:123123129:test-topic-02'))
+    refute(basic.topic_arns.include?(nil))
+  end
+end
+
+#=============================================================================#
+#                               Test Fixtures
+#=============================================================================#
+module AwsMSTB
+  class Basic < AwsBackendBase
+    def list_topics(query = {})
+      topics = OpenStruct.new({
+        :topics => [
+          OpenStruct.new({topic_arn: 'arn:aws:sns:us-east-1:212312313:test-topic-01'}),
+          OpenStruct.new({topic_arn: 'arn:aws:sns:us-east-1:123123129:test-topic-02'})
+        ]
+      })
+    end
+  end
+end