Merge branch 'aws-core-onramp' into aws-merge

Clinton Wolfe 2018-02-09 00:56:28 -05:00
commit 2708a73e11
17 changed files with 189 additions and 190 deletions

View file

@ -1,10 +1,10 @@
--- ---
title: About the aws_ec2_security_group Resource title: About the aws_security_group Resource
--- ---
# aws_ec2_security_group # aws_security_group
Use the `aws_ec2_security_group` InSpec audit resource to test detailed properties of an individual Security Group (SG). Use the `aws_security_group` InSpec audit resource to test detailed properties of an individual Security Group (SG).
SGs are a networking construct which contain ingress and egress rules for network communications. SGs may be attached to EC2 instances, as well as certain other AWS resources. Along with Network Access Control Lists, SGs are one of the two main mechanisms of enforcing network-level security. SGs are a networking construct which contain ingress and egress rules for network communications. SGs may be attached to EC2 instances, as well as certain other AWS resources. Along with Network Access Control Lists, SGs are one of the two main mechanisms of enforcing network-level security.
@ -12,17 +12,17 @@ SGs are a networking construct which contain ingress and egress rules for networ
## Syntax ## Syntax
An `aws_ec2_security_group` resource block uses resource parameters to search for a Security Group, and then tests that Security Group. If no SGs match, no error is raised, but the `exists` matcher will return `false` and all properties will be `nil`. If more than one SG matches (due to vague search parameters), an error is raised. An `aws_security_group` resource block uses resource parameters to search for a Security Group, and then tests that Security Group. If no SGs match, no error is raised, but the `exists` matcher will return `false` and all properties will be `nil`. If more than one SG matches (due to vague search parameters), an error is raised.
# Ensure you have a security group with a certain ID # Ensure you have a security group with a certain ID
# This is "safe" - SG IDs are unique within an account # This is "safe" - SG IDs are unique within an account
describe aws_ec2_security_group('sg-12345678') do describe aws_security_group('sg-12345678') do
it { should exist } it { should exist }
end end
# Ensure you have a security group with a certain ID # Ensure you have a security group with a certain ID
# This uses hash syntax # This uses hash syntax
describe aws_ec2_security_group(id: 'sg-12345678') do describe aws_security_group(id: 'sg-12345678') do
it { should exist } it { should exist }
end end
@ -32,7 +32,7 @@ An `aws_ec2_security_group` resource block uses resource parameters to search fo
The following examples show how to use this InSpec audit resource. The following examples show how to use this InSpec audit resource.
As this is the initial release of `aws_ec2_security_group`, its limited functionality precludes examples. As this is the initial release of `aws_security_group`, its limited functionality precludes examples.
<br> <br>
@ -45,17 +45,17 @@ This InSpec resource accepts the following parameters, which are used to search
The Security Group ID of the Security Group. This is of the format `sg-` followed by 8 hexadecimal characters. The ID is unique within your AWS account; using ID ensures that you will never match more than one SG. The ID is also the default resource parameter, so you may omit the hash syntax. The Security Group ID of the Security Group. This is of the format `sg-` followed by 8 hexadecimal characters. The ID is unique within your AWS account; using ID ensures that you will never match more than one SG. The ID is also the default resource parameter, so you may omit the hash syntax.
# Using Hash syntax # Using Hash syntax
describe aws_ec2_security_group(id: 'sg-12345678') do describe aws_security_group(id: 'sg-12345678') do
it { should exist } it { should exist }
end end
# group_id is an alias for id # group_id is an alias for id
describe aws_ec2_security_group(group_id: 'sg-12345678') do describe aws_security_group(group_id: 'sg-12345678') do
it { should exist } it { should exist }
end end
# Or omit hash syntax, rely on it being the default parameter # Or omit hash syntax, rely on it being the default parameter
describe aws_ec2_security_group('sg-12345678') do describe aws_security_group('sg-12345678') do
it { should exist } it { should exist }
end end
@ -64,12 +64,12 @@ The Security Group ID of the Security Group. This is of the format `sg-` follow
The string Name of the Security Group. Every VPC has a security group named 'default'. Names are unique within a VPC, but not within an AWS account. The string Name of the Security Group. Every VPC has a security group named 'default'. Names are unique within a VPC, but not within an AWS account.
# Get default security group for a certain VPC # Get default security group for a certain VPC
describe aws_ec2_security_group(group_name: 'default', vpc_id: vpc_id: 'vpc-12345678') do describe aws_security_group(group_name: 'default', vpc_id: vpc_id: 'vpc-12345678') do
it { should exist } it { should exist }
end end
# This will throw an error if there is a 'backend' SG in more than one VPC. # This will throw an error if there is a 'backend' SG in more than one VPC.
describe aws_ec2_security_group(group_name: 'backend') do describe aws_security_group(group_name: 'backend') do
it { should exist } it { should exist }
end end
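Review bot: The first example in this hunk passes `vpc_id: vpc_id: 'vpc-12345678'`, which is not valid Ruby, and the rename carries the duplicated key over unchanged. Since the line is being edited anyway, make it `describe aws_security_group(group_name: 'default', vpc_id: 'vpc-12345678') do`.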
@ -78,7 +78,7 @@ The string Name of the Security Group. Every VPC has a security group named 'de
A string identifying the VPC which contains the security group. Since VPCs commonly contain many SGs, you should add additional parameters to ensure you find exactly one SG. A string identifying the VPC which contains the security group. Since VPCs commonly contain many SGs, you should add additional parameters to ensure you find exactly one SG.
# This will error if there is more than the default SG # This will error if there is more than the default SG
describe aws_ec2_security_group(vpc_id: 'vpc-12345678') do describe aws_security_group(vpc_id: 'vpc-12345678') do
it { should exist } it { should exist }
end end
@ -91,12 +91,12 @@ A string identifying the VPC which contains the security group. Since VPCs comm
The control will pass if the specified SG was found. Use should_not if you want to verify that the specified SG does not exist. The control will pass if the specified SG was found. Use should_not if you want to verify that the specified SG does not exist.
# You will always have at least one SG, the VPC default SG # You will always have at least one SG, the VPC default SG
describe aws_ec2_security_group(group_name: 'default') describe aws_security_group(group_name: 'default')
it { should exist } it { should exist }
end end
# Make sure we don't have any security groups with the name 'nogood' # Make sure we don't have any security groups with the name 'nogood'
describe aws_ec2_security_group(group_name: 'nogood') describe aws_security_group(group_name: 'nogood')
it { should_not exist } it { should_not exist }
end end
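Review bot: Both `describe` lines in this hunk are missing the trailing `do`, so neither example parses when pasted into a profile. They also search by `group_name` alone, which the Syntax section says raises an error when more than one SG matches; the page states that every VPC has a 'default' group, so the first example should add `vpc_id:` or say that it assumes a single VPC.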
@ -107,19 +107,19 @@ The control will pass if the specified SG was found. Use should_not if you want
Provides the Security Group ID. Provides the Security Group ID.
# Inspect the group ID of the default group # Inspect the group ID of the default group
describe aws_ec2_security_group(group_name: 'default', vpc_id: vpc_id: 'vpc-12345678') do describe aws_security_group(group_name: 'default', vpc_id: vpc_id: 'vpc-12345678') do
its('group_id') { should cmp 'sg-12345678' } its('group_id') { should cmp 'sg-12345678' }
end end
# Store the group ID in a Ruby variable for use elsewhere # Store the group ID in a Ruby variable for use elsewhere
sg_id = aws_ec2_security_group(group_name: 'default', vpc_id: vpc_id: 'vpc-12345678').group_id sg_id = aws_security_group(group_name: 'default', vpc_id: vpc_id: 'vpc-12345678').group_id
### group_name ### group_name
A String reflecting the name that was given to the SG at creation time. A String reflecting the name that was given to the SG at creation time.
# Inspect the group name of a particular group # Inspect the group name of a particular group
describe aws_ec2_security_group('sg-12345678') do describe aws_security_group('sg-12345678') do
its('group_name') { should cmp 'my_group' } its('group_name') { should cmp 'my_group' }
end end
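Review bot: The `group_id` examples in this hunk still carry the duplicated key `vpc_id: vpc_id: 'vpc-12345678'`, on both the `describe` line and the `sg_id =` assignment. Neither parses as written; drop the repeated `vpc_id:` while these lines are being renamed.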
@ -128,7 +128,7 @@ A String reflecting the name that was given to the SG at creation time.
A String reflecting the human-meaningful description that was given to the SG at creation time. A String reflecting the human-meaningful description that was given to the SG at creation time.
# Require a description of a particular group # Require a description of a particular group
describe aws_ec2_security_group('sg-12345678') do describe aws_security_group('sg-12345678') do
its('description') { should_not be_empty } its('description') { should_not be_empty }
end end
@ -137,6 +137,6 @@ A String reflecting the human-meaningful description that was given to the SG at
A String in the format 'vpc-' followed by 8 hexadecimal characters reflecting VPC that contains the security group. A String in the format 'vpc-' followed by 8 hexadecimal characters reflecting VPC that contains the security group.
# Inspec the VPC ID of a particular group # Inspec the VPC ID of a particular group
describe aws_ec2_security_group('sg-12345678') do describe aws_security_group('sg-12345678') do
its('vpc_id') { should cmp 'vpc-12345678' } its('vpc_id') { should cmp 'vpc-12345678' }
end end
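Review bot: The comment above the `vpc_id` example reads "Inspec the VPC ID of a particular group", where "Inspect" is meant. It is an unchanged context line, but worth correcting in the same pass over this file.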

View file

@ -1,10 +1,10 @@
--- ---
title: About the aws_ec2_security_groups Resource title: About the aws_security_groups Resource
--- ---
# aws_ec2_security_groups # aws_security_groups
Use the `aws_ec2_security_groups` InSpec audit resource to test properties of some or all security groups. Use the `aws_security_groups` InSpec audit resource to test properties of some or all security groups.
Security groups are a networking construct which contain ingress and egress rules for network communications. Security groups may be attached to EC2 instances, as well as certain other AWS resources. Along with Network Access Control Lists, Security Groups are one of the two main mechanisms of enforcing network-level security. Security groups are a networking construct which contain ingress and egress rules for network communications. Security groups may be attached to EC2 instances, as well as certain other AWS resources. Along with Network Access Control Lists, Security Groups are one of the two main mechanisms of enforcing network-level security.
@ -12,10 +12,10 @@ Security groups are a networking construct which contain ingress and egress rule
## Syntax ## Syntax
An `aws_ec2_security_groups` resource block uses an optional filter to select a group of security groups and then tests that group. An `aws_security_groups` resource block uses an optional filter to select a group of security groups and then tests that group.
# Verify you have more than the default security group # Verify you have more than the default security group
describe aws_ec2_security_groups do describe aws_security_groups do
its('entries.count') { should be > 1 } its('entries.count') { should be > 1 }
end end
@ -25,7 +25,7 @@ An `aws_ec2_security_groups` resource block uses an optional filter to select a
The following examples show how to use this InSpec audit resource. The following examples show how to use this InSpec audit resource.
As this is the initial release of `aws_ec2_security_groups`, its limited functionality precludes examples. As this is the initial release of `aws_security_groups`, its limited functionality precludes examples.
<br> <br>
@ -36,7 +36,7 @@ As this is the initial release of `aws_ec2_security_groups`, its limited functio
The control will pass if the filter returns at least one result. Use should_not if you expect zero matches. The control will pass if the filter returns at least one result. Use should_not if you expect zero matches.
# You will always have at least one SG, the VPC default SG # You will always have at least one SG, the VPC default SG
describe aws_ec2_security_groups describe aws_security_groups
it { should exist } it { should exist }
end end
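Review bot: The `describe aws_security_groups` line in this hunk has no `do`, so the `exist` example is a syntax error as documented. Add the `do` on the renamed line.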
@ -47,7 +47,7 @@ The control will pass if the filter returns at least one result. Use should_not
A string identifying the VPC which contains the security group. A string identifying the VPC which contains the security group.
# Look for a particular security group in just one VPC # Look for a particular security group in just one VPC
describe aws_ec2_security_groups.where( vpc_id: 'vpc-12345678') do describe aws_security_groups.where( vpc_id: 'vpc-12345678') do
its('group_ids') { should include('sg-abcdef12')} its('group_ids') { should include('sg-abcdef12')}
end end
@ -56,7 +56,7 @@ A string identifying the VPC which contains the security group.
A string identifying a group. Since groups are contained in VPCs, group names are unique within the AWS account, but not across VPCs. A string identifying a group. Since groups are contained in VPCs, group names are unique within the AWS account, but not across VPCs.
# Examine the default security group in all VPCs # Examine the default security group in all VPCs
describe aws_ec2_security_groups.where( group_name: 'default') do describe aws_security_groups.where( group_name: 'default') do
it { should exist } it { should exist }
end end
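Review bot: The `group_name` description here says names are "unique within the AWS account, but not across VPCs", which contradicts the `aws_security_group` page in this same commit ("Names are unique within a VPC, but not within an AWS account"). The example that follows (the 'default' group in all VPCs) only makes sense under the second wording, so this sentence should be reworded to match.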
@ -67,7 +67,7 @@ A string identifying a group. Since groups are contained in VPCs, group names a
Provides a list of all security group IDs matched. Provides a list of all security group IDs matched.
describe aws_ec2_security_groups do describe aws_security_groups do
its('group_ids') { should include('sg-12345678') } its('group_ids') { should include('sg-12345678') }
end end
@ -76,6 +76,6 @@ Provides a list of all security group IDs matched.
Provides access to the raw results of the query. This can be useful for checking counts and other advanced operations. Provides access to the raw results of the query. This can be useful for checking counts and other advanced operations.
# Allow at most 100 security groups on the account # Allow at most 100 security groups on the account
describe aws_ec2_security_groups do describe aws_security_groups do
its('entries.count') { should be <= 100} its('entries.count') { should be <= 100}
end end

View file

@ -1,22 +1,22 @@
--- ---
title: About the aws_vpc_subnet Resource title: About the aws_subnet Resource
--- ---
# aws_vpc_subnet # aws_subnet
Use the `aws_vpc_subnet` InSpec audit resource to test properties of a vpc subnet. Use the `aws_subnet` InSpec audit resource to test properties of a vpc subnet.
To test properties of a single VPC subnet, use the `aws_vpc_subnet` resource. To test properties of a single VPC subnet, use the `aws_subnet` resource.
To test properties of all or a group of VPC subnets, use the `aws_vpc_subnets` resource. To test properties of all or a group of VPC subnets, use the `aws_subnets` resource.
<br> <br>
## Syntax ## Syntax
An `aws_vpc_subnet` resource block uses the parameter to select a VPC and a subnet in the VPC. An `aws_subnet` resource block uses the parameter to select a VPC and a subnet in the VPC.
describe aws_vpc_subnet(subnet_id: 'subnet-1234567') do describe aws_subnet(subnet_id: 'subnet-1234567') do
it { should exist } it { should exist }
its('cidr_block') { should eq '10.0.1.0/24' } its('cidr_block') { should eq '10.0.1.0/24' }
end end
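Review bot: The Syntax example uses `subnet-1234567`, which has only seven characters after the prefix. The resource's own validation in this commit requires "subnet-" followed by 8 hexadecimal characters, so this example would raise an ArgumentError; use `subnet-12345678` as the other examples on the page do.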
@ -32,7 +32,7 @@ This InSpec resource accepts the following parameters, which are used to search
A string identifying the subnet that the VPC contains. A string identifying the subnet that the VPC contains.
# This will error if there is more than the default SG # This will error if there is more than the default SG
describe aws_vpc_subnet(subnet_id: 'subnet-12345678') do describe aws_subnet(subnet_id: 'subnet-12345678') do
it { should exist } it { should exist }
end end
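Review bot: The comment on the `subnet_id` example, "This will error if there is more than the default SG", is left over from the security group page and does not describe a lookup by subnet ID. Replace it with a comment about the subnet, or remove it.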
@ -44,7 +44,7 @@ A string identifying the subnet that the VPC contains.
Detects whether the network interface on the subnet accepts IPv6 addresses. Detects whether the network interface on the subnet accepts IPv6 addresses.
describe aws_vpc_subnet(subnet_id: 'subnet-12345678') do describe aws_subnet(subnet_id: 'subnet-12345678') do
it { should be_assigning_ipv_6_address_on_creation } it { should be_assigning_ipv_6_address_on_creation }
end end
@ -52,7 +52,7 @@ Detects whether the network interface on the subnet accepts IPv6 addresses.
Provides the current state of the subnet. Provides the current state of the subnet.
describe aws_vpc_subnet(subnet_id: 'subnet-12345678') do describe aws_subnet(subnet_id: 'subnet-12345678') do
it { should be_available } it { should be_available }
end end
@ -60,7 +60,7 @@ Provides the current state of the subnet.
Detects if this is the default subnet for the Availability Zone. Detects if this is the default subnet for the Availability Zone.
describe aws_vpc_subnet(subnet_id: 'subnet-12345678') do describe aws_subnet(subnet_id: 'subnet-12345678') do
it { should be_default_for_az } it { should be_default_for_az }
end end
@ -68,7 +68,7 @@ Detects if this is the default subnet for the Availability Zone.
The `exist` matcher indicates that a subnet exists for the specified vpc. The `exist` matcher indicates that a subnet exists for the specified vpc.
describe aws_vpc_subnet(subnet_id: 'subnet-12345678') do describe aws_subnet(subnet_id: 'subnet-12345678') do
it { should exist } it { should exist }
end end
@ -76,7 +76,7 @@ The `exist` matcher indicates that a subnet exists for the specified vpc.
Provides the ID of the VPC the subnet is in. Provides the ID of the VPC the subnet is in.
describe aws_vpc_subnet(subnet_id: 'subnet-12345678') do describe aws_subnet(subnet_id: 'subnet-12345678') do
it { should be_mapping_public_ip_on_launch } it { should be_mapping_public_ip_on_launch }
end end
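Review bot: The description in this hunk, "Provides the ID of the VPC the subnet is in", sits above an example that tests `be_mapping_public_ip_on_launch`, and the same sentence appears again for the `vpc_id` property further down. The text for the public-IP matcher should say what that matcher detects.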
@ -86,7 +86,7 @@ Provides the ID of the VPC the subnet is in.
Provides the Availability Zone of the subnet. Provides the Availability Zone of the subnet.
describe aws_vpc_subnet(subnet_id: 'subnet-12345678') do describe aws_subnet(subnet_id: 'subnet-12345678') do
its('availability_zone') { should eq 'us-east-1c' } its('availability_zone') { should eq 'us-east-1c' }
end end
@ -94,7 +94,7 @@ Provides the Availability Zone of the subnet.
Provides the number of available IPv4 addresses on the subnet. Provides the number of available IPv4 addresses on the subnet.
describe aws_vpc_subnet(subnet_id: 'subnet-12345678') do describe aws_subnet(subnet_id: 'subnet-12345678') do
its('available_ip_address_count') { should eq 251 } its('available_ip_address_count') { should eq 251 }
end end
@ -102,7 +102,7 @@ Provides the number of available IPv4 addresses on the subnet.
Provides the block of ip addresses specified to the subnet. Provides the block of ip addresses specified to the subnet.
describe aws_vpc_subnet(subnet_id: 'subnet-12345678') do describe aws_subnet(subnet_id: 'subnet-12345678') do
its('cidr_block') { should eq '10.0.1.0/24' } its('cidr_block') { should eq '10.0.1.0/24' }
end end
@ -110,7 +110,7 @@ Provides the block of ip addresses specified to the subnet.
Provides the ID of the Subnet. Provides the ID of the Subnet.
describe aws_vpc_subnet(subnet_id: 'subnet-12345678') do describe aws_subnet(subnet_id: 'subnet-12345678') do
its('subnet_id') { should eq 'subnet-12345678' } its('subnet_id') { should eq 'subnet-12345678' }
end end
@ -118,6 +118,6 @@ Provides the ID of the Subnet.
Provides the ID of the VPC the subnet is in. Provides the ID of the VPC the subnet is in.
describe aws_vpc_subnet(subnet_id: 'subnet-12345678') do describe aws_subnet(subnet_id: 'subnet-12345678') do
its('vpc_id') { should eq 'vpc-12345678' } its('vpc_id') { should eq 'vpc-12345678' }
end end

View file

@ -1,10 +1,10 @@
--- ---
title: About the aws_vpc_subnets Resource title: About the aws_subnets Resource
--- ---
# aws_vpc_subnets # aws_subnets
Use the `aws_vpc_subnets` InSpec audit resource to test properties of some or all subnets. Use the `aws_subnets` InSpec audit resource to test properties of some or all subnets.
Subnets are networks within a VPC that can have their own block of IP address's and ACL's. Subnets are networks within a VPC that can have their own block of IP address's and ACL's.
VPCs span across all availability zones in AWS, while a subnet in a VPC can only span a single availability zone. VPCs span across all availability zones in AWS, while a subnet in a VPC can only span a single availability zone.
@ -14,10 +14,10 @@ Separating IP addresses allows for protection if there is a failure in one avail
## Syntax ## Syntax
An `aws_vpc_subnets` resource block uses an optional filter to select a group of subnets and then tests that group. An `aws_subnets` resource block uses an optional filter to select a group of subnets and then tests that group.
# Test all subnets within a single vpc # Test all subnets within a single vpc
describe aws_vpc_subnets.where(vpc_id: 'vpc-12345678') do describe aws_subnets.where(vpc_id: 'vpc-12345678') do
its('subnet_ids') { should include 'subnet-12345678' } its('subnet_ids') { should include 'subnet-12345678' }
its('subnet_ids') { should include 'subnet-98765432' } its('subnet_ids') { should include 'subnet-98765432' }
end end
@ -28,7 +28,7 @@ An `aws_vpc_subnets` resource block uses an optional filter to select a group of
The following examples show how to use this InSpec audit resource. The following examples show how to use this InSpec audit resource.
As this is the initial release of `aws_vpc_subnets`, its limited functionality precludes examples. As this is the initial release of `aws_subnets`, its limited functionality precludes examples.
<br> <br>
@ -39,12 +39,12 @@ As this is the initial release of `aws_vpc_subnets`, its limited functionality p
The control will pass if the filter returns at least one result. Use should_not if you expect zero matches. The control will pass if the filter returns at least one result. Use should_not if you expect zero matches.
# You dont always have subnets, so you can test if there are any. # You dont always have subnets, so you can test if there are any.
describe aws_vpc_subnets describe aws_subnets
it { should exist } it { should exist }
end end
# Test that there are subnets in a vpc # Test that there are subnets in a vpc
describe aws_vpc_subnets.where(vpc_id: 'vpc-12345678') describe aws_subnets.where(vpc_id: 'vpc-12345678')
it { should exist } it { should exist }
end end
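Review bot: Both `describe` lines in this hunk, `describe aws_subnets` and `describe aws_subnets.where(vpc_id: 'vpc-12345678')`, are missing `do`, so the `exist` examples do not parse. The comment above the first one also has "dont" for "don't".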
@ -55,7 +55,7 @@ The control will pass if the filter returns at least one result. Use should_not
A string identifying the VPC which may or may not contain subnets. A string identifying the VPC which may or may not contain subnets.
# Look for all subnts within a vpc. # Look for all subnts within a vpc.
describe aws_vpc_subnets.where( vpc_id: 'vpc-12345678') do describe aws_subnets.where( vpc_id: 'vpc-12345678') do
its('subnet_ids') { should include 'subnet-12345678' } its('subnet_ids') { should include 'subnet-12345678' }
its('subnet_ids') { should include 'subnet-98765432' } its('subnet_ids') { should include 'subnet-98765432' }
end end
@ -65,7 +65,7 @@ A string identifying the VPC which may or may not contain subnets.
A string identifying a specific subnet. A string identifying a specific subnet.
# Examine a specific subnet # Examine a specific subnet
describe aws_vpc_subnets.where(subnet_id: 'subnet-12345678') do describe aws_subnets.where(subnet_id: 'subnet-12345678') do
its('cidr_blocks') { should eq ['10.0.1.0/24'] } its('cidr_blocks') { should eq ['10.0.1.0/24'] }
end end
@ -77,7 +77,7 @@ A string identifying a specific subnet.
Provides a string that contains the cidr block of ip addresses that can be given in the subnet. Provides a string that contains the cidr block of ip addresses that can be given in the subnet.
# Examine a specific subnets cidr_blocks # Examine a specific subnets cidr_blocks
describe aws_vpc_subnets.where( subnet_id: 'subnet-12345678') do describe aws_subnets.where( subnet_id: 'subnet-12345678') do
its('cidr_blocks') { should eq ['10.0.1.0/24'] } its('cidr_blocks') { should eq ['10.0.1.0/24'] }
end end
@ -86,7 +86,7 @@ Provides a string that contains the cidr block of ip addresses that can be given
Provides an array containing a string of the vpc_id associated with a subnet. Provides an array containing a string of the vpc_id associated with a subnet.
# Examine a specific subnets VPC IDS # Examine a specific subnets VPC IDS
describe aws_vpc_subnets.where( subnet_id: 'subnet-12345678') do describe aws_subnets.where( subnet_id: 'subnet-12345678') do
its('vpc_ids') { should include 'vpc-12345678' } its('vpc_ids') { should include 'vpc-12345678' }
end end
@ -95,7 +95,7 @@ Provides an array containing a string of the vpc_id associated with a subnet.
Provides an array of strings containing the subnet IDs associated with a vpc. Provides an array of strings containing the subnet IDs associated with a vpc.
# Examine a specific vpcs Subnet IDs # Examine a specific vpcs Subnet IDs
describe aws_vpc_subnets.where( vpc_id: 'vpc-12345678') do describe aws_subnets.where( vpc_id: 'vpc-12345678') do
its('subnet_ids') { should include 'subnet-12345678' } its('subnet_ids') { should include 'subnet-12345678' }
its('subnet_ids') { should include 'subnet-98765432' } its('subnet_ids') { should include 'subnet-98765432' }
end end
@ -105,6 +105,6 @@ Provides an array of strings containing the subnet IDs associated with a vpc.
Provides an array of strings including whether the subnets are available or not. Provides an array of strings including whether the subnets are available or not.
# Examine a specific vpcs Subnet IDs # Examine a specific vpcs Subnet IDs
describe aws_vpc_subnets.where( vpc_id: 'vpc-12345678') do describe aws_subnets.where( vpc_id: 'vpc-12345678') do
its('states') { should_not include 'pending' } its('states') { should_not include 'pending' }
end end
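Review bot: The comment above the `states` example says "Examine a specific vpcs Subnet IDs", copied from the `subnet_ids` section, while the test checks `states`. Change the comment to describe the state check, for instance that no subnet in the VPC is still pending.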

View file

@ -17,8 +17,6 @@ require 'resources/aws/aws_cloudtrail_trails'
require 'resources/aws/aws_cloudwatch_alarm' require 'resources/aws/aws_cloudwatch_alarm'
require 'resources/aws/aws_cloudwatch_log_metric_filter' require 'resources/aws/aws_cloudwatch_log_metric_filter'
require 'resources/aws/aws_ec2_instance' require 'resources/aws/aws_ec2_instance'
require 'resources/aws/aws_ec2_security_group'
require 'resources/aws/aws_ec2_security_groups'
require 'resources/aws/aws_iam_access_key' require 'resources/aws/aws_iam_access_key'
require 'resources/aws/aws_iam_access_keys' require 'resources/aws/aws_iam_access_keys'
require 'resources/aws/aws_iam_group' require 'resources/aws/aws_iam_group'
@ -33,8 +31,10 @@ require 'resources/aws/aws_iam_users'
require 'resources/aws/aws_kms_keys' require 'resources/aws/aws_kms_keys'
require 'resources/aws/aws_route_table' require 'resources/aws/aws_route_table'
require 'resources/aws/aws_s3_bucket' require 'resources/aws/aws_s3_bucket'
require 'resources/aws/aws_security_group'
require 'resources/aws/aws_security_groups'
require 'resources/aws/aws_sns_topic' require 'resources/aws/aws_sns_topic'
require 'resources/aws/aws_subnet'
require 'resources/aws/aws_subnets'
require 'resources/aws/aws_vpc' require 'resources/aws/aws_vpc'
require 'resources/aws/aws_vpc_subnet'
require 'resources/aws/aws_vpc_subnets'
require 'resources/aws/aws_vpcs' require 'resources/aws/aws_vpcs'
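Review bot: The requires for `aws_ec2_security_group`, `aws_ec2_security_groups`, `aws_vpc_subnet` and `aws_vpc_subnets` are removed outright, with no alias left under the old names. Any existing profile that calls the old resource names will stop resolving them after this merge; either keep a deprecated alias for a release or make sure the rename is called out in the changelog.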

View file

@ -1,8 +1,8 @@
class AwsEc2SecurityGroup < Inspec.resource(1) class AwsSecurityGroup < Inspec.resource(1)
name 'aws_ec2_security_group' name 'aws_security_group'
desc 'Verifies settings for an individual AWS Security Group.' desc 'Verifies settings for an individual AWS Security Group.'
example ' example '
describe aws_ec2_security_group("sg-12345678") do describe aws_security_group("sg-12345678") do
it { should exist } it { should exist }
end end
' '
@ -29,17 +29,17 @@ class AwsEc2SecurityGroup < Inspec.resource(1)
recognized_params[:group_id] = recognized_params.delete(:id) if recognized_params.key?(:id) recognized_params[:group_id] = recognized_params.delete(:id) if recognized_params.key?(:id)
if recognized_params.key?(:group_id) && recognized_params[:group_id] !~ /^sg\-[0-9a-f]{8}/ if recognized_params.key?(:group_id) && recognized_params[:group_id] !~ /^sg\-[0-9a-f]{8}/
raise ArgumentError, 'aws_ec2_security_group security group ID must be in the format "sg-" followed by 8 hexadecimal characters.' raise ArgumentError, 'aws_security_group security group ID must be in the format "sg-" followed by 8 hexadecimal characters.'
end end
if recognized_params.key?(:vpc_id) && recognized_params[:vpc_id] !~ /^vpc\-[0-9a-f]{8}/ if recognized_params.key?(:vpc_id) && recognized_params[:vpc_id] !~ /^vpc\-[0-9a-f]{8}/
raise ArgumentError, 'aws_ec2_security_group VPC ID must be in the format "vpc-" followed by 8 hexadecimal characters.' raise ArgumentError, 'aws_security_group VPC ID must be in the format "vpc-" followed by 8 hexadecimal characters.'
end end
validated_params = recognized_params validated_params = recognized_params
if validated_params.empty? if validated_params.empty?
raise ArgumentError, 'You must provide parameters to aws_ec2_security_group, such as group_name, group_id, or vpc_id.g_group.' raise ArgumentError, 'You must provide parameters to aws_security_group, such as group_name, group_id, or vpc_id.g_group.'
end end
validated_params validated_params
end end
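Review bot: The ID checks `/^sg\-[0-9a-f]{8}/` and `/^vpc\-[0-9a-f]{8}/` have no end anchor, and in Ruby `^` matches at the start of any line, so a value with extra trailing or multi-line content still passes even though the message promises exactly 8 hexadecimal characters. Anchor with `\A` and `\z`, and if longer IDs are meant to be accepted, widen the quantifier and the message deliberately. The last message also ends in stray text, "vpc_id.g_group.", which should be cleaned up while these strings are being edited.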
@ -82,7 +82,7 @@ class AwsEc2SecurityGroup < Inspec.resource(1)
class Backend class Backend
class AwsClientApi < AwsBackendBase class AwsClientApi < AwsBackendBase
AwsEc2SecurityGroup::BackendFactory.set_default_backend self BackendFactory.set_default_backend self
self.aws_client_class = Aws::EC2::Client self.aws_client_class = Aws::EC2::Client
def describe_security_groups(query) def describe_security_groups(query)

View file

@ -1,14 +1,14 @@
class AwsEc2SecurityGroups < Inspec.resource(1) class AwsSecurityGroups < Inspec.resource(1)
name 'aws_ec2_security_groups' name 'aws_security_groups'
desc 'Verifies settings for AWS Security Groups in bulk' desc 'Verifies settings for AWS Security Groups in bulk'
example <<-EOX example <<-EOX
# Verify that you have security groups defined # Verify that you have security groups defined
describe aws_ec2_security_groups do describe aws_security_groups do
it { should exist } it { should exist }
end end
# Verify you have more than the default security group # Verify you have more than the default security group
describe aws_ec2_security_groups do describe aws_security_groups do
its('entries.count') { should be > 1 } its('entries.count') { should be > 1 }
end end
EOX EOX

View file

@ -1,9 +1,8 @@
# author: Matthew Dromazos class AwsSubnet < Inspec.resource(1)
class AwsVpcSubnet < Inspec.resource(1) name 'aws_subnet'
name 'aws_vpc_subnet'
desc 'This resource is used to test the attributes of a VPC subnet' desc 'This resource is used to test the attributes of a VPC subnet'
example " example "
describe aws_vpc_subnet(subnet_id: 'subnet-12345678') do describe aws_subnet(subnet_id: 'subnet-12345678') do
it { should exist } it { should exist }
its('cidr_block') { should eq '10.0.1.0/24' } its('cidr_block') { should eq '10.0.1.0/24' }
end end
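Review bot: The `# author: Matthew Dromazos` line at the top of the file is dropped in the same hunk that renames the class, which is why the file goes from 9 lines to 8. If removing the attribution is intentional, say so in the commit message; otherwise keep it, since the rest of the commit is a pure rename.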
@ -35,11 +34,11 @@ class AwsVpcSubnet < Inspec.resource(1)
# Make sure the subnet_id parameter was specified and in the correct form. # Make sure the subnet_id parameter was specified and in the correct form.
if validated_params.key?(:subnet_id) && validated_params[:subnet_id] !~ /^subnet\-[0-9a-f]{8}/ if validated_params.key?(:subnet_id) && validated_params[:subnet_id] !~ /^subnet\-[0-9a-f]{8}/
raise ArgumentError, 'aws_vpc_subnet Subnet ID must be in the format "subnet-" followed by 8 hexadecimal characters.' raise ArgumentError, 'aws_subnet Subnet ID must be in the format "subnet-" followed by 8 hexadecimal characters.'
end end
if validated_params.empty? if validated_params.empty?
raise ArgumentError, 'You must provide a subnet_id to aws_vpc_subnet.' raise ArgumentError, 'You must provide a subnet_id to aws_subnet.'
end end
validated_params validated_params
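
Review bot: The subnet ID check `!~ /^subnet\-[0-9a-f]{8}/` has no end anchor, so it accepts any value that merely starts with `subnet-` plus 8 hex characters, trailing junk included, and `^` matches at the start of any line rather than the start of the string. The error text edited in this hunk promises "subnet-" followed by 8 hexadecimal characters, so either anchor the pattern with `\A` and `\z` or reword the message to describe what is actually enforced.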

View file

@ -1,9 +1,9 @@
class AwsVpcSubnets < Inspec.resource(1) class AwsSubnets < Inspec.resource(1)
name 'aws_vpc_subnets' name 'aws_subnets'
desc 'Verifies settings for VPC Subnets in bulk' desc 'Verifies settings for VPC Subnets in bulk'
example " example "
# you should be able to test the cidr_block of a subnet # you should be able to test the cidr_block of a subnet
describe aws_vpc_subnets.where(vpc_id: 'vpc-123456789') do describe aws_subnets.where(vpc_id: 'vpc-123456789') do
its('subnet_ids') { should eq ['subnet-12345678', 'subnet-87654321'] } its('subnet_ids') { should eq ['subnet-12345678', 'subnet-87654321'] }
its('cidr_blocks') { should eq ['172.31.96.0/20'] } its('cidr_blocks') { should eq ['172.31.96.0/20'] }
its('states') { should_not include 'pending' } its('states') { should_not include 'pending' }
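
Review bot: The example filter `vpc_id: 'vpc-123456789'` has nine characters after the prefix, while the other IDs in these examples and tests use eight (`subnet-12345678`, `vpc-12345678`), so a reader copying it gets a misleading format. The expectations also disagree with each other: `subnet_ids` lists two subnets but `cidr_blocks` is compared with `eq` against a single-element array. Since the example is being edited anyway, use an eight-character VPC ID and make the two expectations consistent.
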
@ -42,7 +42,7 @@ class AwsVpcSubnets < Inspec.resource(1)
class Backend class Backend
class AwsClientApi < AwsBackendBase class AwsClientApi < AwsBackendBase
AwsVpcSubnets::BackendFactory.set_default_backend self BackendFactory.set_default_backend self
self.aws_client_class = Aws::EC2::Client self.aws_client_class = Aws::EC2::Client
def describe_subnets(query = {}) def describe_subnets(query = {})
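
Review bot: `BackendFactory.set_default_backend self` now depends on lexical constant lookup from inside `Backend::AwsClientApi`, where the old line named the owning resource class explicitly. That resolves correctly only while this class body stays nested inside the resource class; the unit tests in this commit still call `AwsSubnets::BackendFactory.select(...)`, so writing `AwsSubnets::BackendFactory` here would match them and keep the target unambiguous. If the unqualified form is the intended convention, note that in the commit message.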

View file

@ -12,28 +12,28 @@ fixtures = {}
) )
end end
control "aws_ec2_security_group recall of default VPC" do control "aws_security_group recall of default VPC" do
describe aws_ec2_security_group(fixtures['ec2_security_group_default_group_id']) do describe aws_security_group(fixtures['ec2_security_group_default_group_id']) do
it { should exist } it { should exist }
end end
describe aws_ec2_security_group(group_name: 'default', vpc_id: fixtures['ec2_security_group_default_vpc_id']) do describe aws_security_group(group_name: 'default', vpc_id: fixtures['ec2_security_group_default_vpc_id']) do
it { should exist } it { should exist }
end end
describe aws_ec2_security_group(group_name: 'no-such-security-group') do describe aws_security_group(group_name: 'no-such-security-group') do
it { should_not exist } it { should_not exist }
end end
end end
control "aws_ec2_security_group properties" do control "aws_security_group properties" do
# You should be able to find the default security group's ID. # You should be able to find the default security group's ID.
describe aws_ec2_security_group(fixtures['ec2_security_group_default_group_id']) do describe aws_security_group(fixtures['ec2_security_group_default_group_id']) do
its('group_id') { should cmp fixtures['ec2_security_group_default_group_id'] } its('group_id') { should cmp fixtures['ec2_security_group_default_group_id'] }
end end
describe aws_ec2_security_group(fixtures['ec2_security_group_alpha_group_id']) do describe aws_security_group(fixtures['ec2_security_group_alpha_group_id']) do
its('group_name') { should cmp fixtures['ec2_security_group_alpha_group_name'] } its('group_name') { should cmp fixtures['ec2_security_group_alpha_group_name'] }
its('vpc_id') { should cmp fixtures['ec2_security_group_default_vpc_id'] } its('vpc_id') { should cmp fixtures['ec2_security_group_default_vpc_id'] }
its('description') { should cmp 'SG alpha' } its('description') { should cmp 'SG alpha' }
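
Review bot: The control titles and resource calls are renamed to `aws_security_group`, but the fixture keys (`ec2_security_group_default_group_id`, `ec2_security_group_alpha_group_name` and so on) keep the old `ec2_` prefix. If those keys are left alone on purpose because they are defined outside this file, a one-line comment near `fixtures = {}` would stop the next reader from treating them as missed renames.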

View file

@ -11,7 +11,7 @@ fixtures = {}
end end
control "aws_security_groups client-side filtering" do control "aws_security_groups client-side filtering" do
all_groups = aws_ec2_security_groups all_groups = aws_security_groups
# You should always have at least one security group # You should always have at least one security group
describe all_groups do describe all_groups do
@ -37,14 +37,14 @@ end
control "aws_security_groups properties" do control "aws_security_groups properties" do
# You should be able to find the default security group's ID. # You should be able to find the default security group's ID.
describe aws_ec2_security_groups.where(vpc_id: fixtures['ec2_security_group_default_vpc_id']) do describe aws_security_groups.where(vpc_id: fixtures['ec2_security_group_default_vpc_id']) do
its('group_ids') { should include fixtures['ec2_security_group_default_group_id'] } its('group_ids') { should include fixtures['ec2_security_group_default_group_id'] }
end end
end end
control "aws_ec2_security_groups" do control "aws_security_groups" do
# Verify you have more than the default security group # Verify you have more than the default security group
describe aws_ec2_security_groups do describe aws_security_groups do
its('entries.count') { should be >= 2 } its('entries.count') { should be >= 2 }
end end
end end

View file

@ -10,24 +10,24 @@ fixtures = {}
) )
end end
control "aws_vpc_subnet recall of subnet_01" do control "aws_subnet recall of subnet_01" do
# Test hash given subnet_id # Test hash given subnet_id
describe aws_vpc_subnet(subnet_id: fixtures['ec2_default_vpc_subnet_01_id']) do describe aws_subnet(subnet_id: fixtures['ec2_default_vpc_subnet_01_id']) do
it { should exist } it { should exist }
end end
# Test scalar works # Test scalar works
describe aws_vpc_subnet(fixtures['ec2_default_vpc_subnet_01_id']) do describe aws_subnet(fixtures['ec2_default_vpc_subnet_01_id']) do
it { should exist } it { should exist }
end end
describe aws_vpc_subnet(subnet_id: 'subnet-00000000') do describe aws_subnet(subnet_id: 'subnet-00000000') do
it { should_not exist } it { should_not exist }
end end
end end
control "aws_vpc_subnet properties of subnet_01" do control "aws_subnet properties of subnet_01" do
describe aws_vpc_subnet(subnet_id: fixtures['ec2_default_vpc_subnet_01_id']) do describe aws_subnet(subnet_id: fixtures['ec2_default_vpc_subnet_01_id']) do
its('vpc_id') { should eq fixtures['ec2_security_group_default_vpc_id'] } its('vpc_id') { should eq fixtures['ec2_security_group_default_vpc_id'] }
its('subnet_id') { should eq fixtures['ec2_default_vpc_subnet_01_id'] } its('subnet_id') { should eq fixtures['ec2_default_vpc_subnet_01_id'] }
its('cidr_block') { should eq '172.31.96.0/20' } its('cidr_block') { should eq '172.31.96.0/20' }
@ -37,8 +37,8 @@ control "aws_vpc_subnet properties of subnet_01" do
end end
end end
control "aws_vpc_subnet matchers of subnet_01" do control "aws_subnet matchers of subnet_01" do
describe aws_vpc_subnet(subnet_id: fixtures['ec2_default_vpc_subnet_01_id']) do describe aws_subnet(subnet_id: fixtures['ec2_default_vpc_subnet_01_id']) do
it { should be_available } it { should be_available }
it { should_not be_mapping_public_ip_on_launch } it { should_not be_mapping_public_ip_on_launch }
it { should_not be_default_for_az } it { should_not be_default_for_az }

View file

@ -10,8 +10,8 @@ fixtures = {}
) )
end end
control "aws_vpc_subnets recall" do control "aws_subnets recall" do
all_subnets = aws_vpc_subnets all_subnets = aws_subnets
# You should be able to get a specific subnet given its id # You should be able to get a specific subnet given its id
describe all_subnets.where(subnet_id: fixtures['ec2_default_vpc_subnet_id']) do describe all_subnets.where(subnet_id: fixtures['ec2_default_vpc_subnet_id']) do
@ -32,17 +32,17 @@ control "aws_vpc_subnets recall" do
end end
end end
control "aws_vpc_subnets properties of default VPC subnet" do control "aws_subnets properties of default VPC subnet" do
# you should be able to test the cidr_block of a subnet # you should be able to test the cidr_block of a subnet
describe aws_vpc_subnets.where(subnet_id: fixtures['ec2_default_vpc_subnet_id']) do describe aws_subnets.where(subnet_id: fixtures['ec2_default_vpc_subnet_id']) do
its('cidr_blocks') { should include '172.31.96.0/20' } its('cidr_blocks') { should include '172.31.96.0/20' }
its('states') { should_not include 'pending' } its('states') { should_not include 'pending' }
end end
end end
control "aws_vpc_subnets properties of default VPC" do control "aws_subnets properties of default VPC" do
# you should be able to test the cidr_block of a subnet # you should be able to test the cidr_block of a subnet
describe aws_vpc_subnets.where(vpc_id: fixtures['ec2_security_group_default_vpc_id']) do describe aws_subnets.where(vpc_id: fixtures['ec2_security_group_default_vpc_id']) do
its('cidr_blocks') { should include '172.31.96.0/20' } its('cidr_blocks') { should include '172.31.96.0/20' }
its('states') { should include 'available' } its('states') { should include 'available' }
end end
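
Review bot: In the last control, "aws_subnets properties of default VPC", the comment `# you should be able to test the cidr_block of a subnet` is a copy of the one in the preceding control, yet this block filters by `vpc_id` and checks every subnet in the VPC. Reword it to describe the VPC-wide check. The CIDR `'172.31.96.0/20'` is also hard-coded in both controls while the IDs come from `fixtures`.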

View file

@ -6,17 +6,17 @@ require 'helper'
#=============================================================================# #=============================================================================#
# Constructor Tests # Constructor Tests
#=============================================================================# #=============================================================================#
class AwsESGSConstructor < Minitest::Test class AwsSGSConstructor < Minitest::Test
def setup def setup
AwsEc2SecurityGroup::BackendFactory.select(AwsMESGSB::Empty) AwsSecurityGroup::BackendFactory.select(AwsMESGSB::Empty)
end end
def test_constructor_no_args_raises def test_constructor_no_args_raises
assert_raises(ArgumentError) { AwsEc2SecurityGroup.new } assert_raises(ArgumentError) { AwsSecurityGroup.new }
end end
def test_constructor_accept_scalar_param def test_constructor_accept_scalar_param
AwsEc2SecurityGroup.new('sg-12345678') AwsSecurityGroup.new('sg-12345678')
end end
def test_constructor_expected_well_formed_args def test_constructor_expected_well_formed_args
@ -26,7 +26,7 @@ class AwsESGSConstructor < Minitest::Test
vpc_id: 'vpc-1234abcd', vpc_id: 'vpc-1234abcd',
group_name: 'some-group', group_name: 'some-group',
}.each do |param, value| }.each do |param, value|
AwsEc2SecurityGroup.new(param => value) AwsSecurityGroup.new(param => value)
end end
end end
@ -36,12 +36,12 @@ class AwsESGSConstructor < Minitest::Test
group_id: '1234abcd', group_id: '1234abcd',
vpc_id: 'vpc_1234abcd', vpc_id: 'vpc_1234abcd',
}.each do |param, value| }.each do |param, value|
assert_raises(ArgumentError) { AwsEc2SecurityGroup.new(param => value) } assert_raises(ArgumentError) { AwsSecurityGroup.new(param => value) }
end end
end end
def test_constructor_reject_unknown_resource_params def test_constructor_reject_unknown_resource_params
assert_raises(ArgumentError) { AwsEc2SecurityGroup.new(beep: 'boop') } assert_raises(ArgumentError) { AwsSecurityGroup.new(beep: 'boop') }
end end
end end
@ -49,29 +49,29 @@ end
# Properties # Properties
#=============================================================================# #=============================================================================#
class AwsESGSProperties < Minitest::Test class AwsSGSProperties < Minitest::Test
def setup def setup
AwsEc2SecurityGroup::BackendFactory.select(AwsMESGSB::Basic) AwsSecurityGroup::BackendFactory.select(AwsMESGSB::Basic)
end end
def test_property_group_id def test_property_group_id
assert_equal('sg-12345678', AwsEc2SecurityGroup.new('sg-12345678').group_id) assert_equal('sg-12345678', AwsSecurityGroup.new('sg-12345678').group_id)
assert_nil(AwsEc2SecurityGroup.new(group_name: 'my-group').group_id) assert_nil(AwsSecurityGroup.new(group_name: 'my-group').group_id)
end end
def test_property_group_name def test_property_group_name
assert_equal('beta', AwsEc2SecurityGroup.new('sg-12345678').group_name) assert_equal('beta', AwsSecurityGroup.new('sg-12345678').group_name)
assert_nil(AwsEc2SecurityGroup.new('sg-87654321').group_name) assert_nil(AwsSecurityGroup.new('sg-87654321').group_name)
end end
def test_property_vpc_id def test_property_vpc_id
assert_equal('vpc-aaaabbbb', AwsEc2SecurityGroup.new('sg-aaaabbbb').vpc_id) assert_equal('vpc-aaaabbbb', AwsSecurityGroup.new('sg-aaaabbbb').vpc_id)
assert_nil(AwsEc2SecurityGroup.new('sg-87654321').vpc_id) assert_nil(AwsSecurityGroup.new('sg-87654321').vpc_id)
end end
def test_property_description def test_property_description
assert_equal('Awesome Group', AwsEc2SecurityGroup.new('sg-12345678').description) assert_equal('Awesome Group', AwsSecurityGroup.new('sg-12345678').description)
assert_nil(AwsEc2SecurityGroup.new('sg-87654321').description) assert_nil(AwsSecurityGroup.new('sg-87654321').description)
end end
end end

View file

@ -1,46 +1,46 @@
require 'helper' require 'helper'
# MESGB = MockEc2SecurityGroupBackend # MESGB = MockSecurityGroupBackend
# Abbreviation not used outside this file # Abbreviation not used outside this file
#=============================================================================# #=============================================================================#
# Constructor Tests # Constructor Tests
#=============================================================================# #=============================================================================#
class AwsESGConstructor < Minitest::Test class AwsSGConstructor < Minitest::Test
def setup def setup
AwsEc2SecurityGroups::BackendFactory.select(AwsMESGB::Empty) AwsSecurityGroups::BackendFactory.select(AwsMESGB::Empty)
end end
def test_constructor_no_args_ok def test_constructor_no_args_ok
AwsEc2SecurityGroups.new AwsSecurityGroups.new
end end
def test_constructor_reject_unknown_resource_params def test_constructor_reject_unknown_resource_params
assert_raises(ArgumentError) { AwsEc2SecurityGroups.new(beep: 'boop') } assert_raises(ArgumentError) { AwsSecurityGroups.new(beep: 'boop') }
end end
end end
#=============================================================================# #=============================================================================#
# Filter Criteria # Filter Criteria
#=============================================================================# #=============================================================================#
class AwsESGFilterCriteria < Minitest::Test class AwsSGFilterCriteria < Minitest::Test
def setup def setup
AwsEc2SecurityGroups::BackendFactory.select(AwsMESGB::Basic) AwsSecurityGroups::BackendFactory.select(AwsMESGB::Basic)
end end
def test_filter_vpc_id def test_filter_vpc_id
hit = AwsEc2SecurityGroups.new.where(vpc_id: 'vpc-12345678') hit = AwsSecurityGroups.new.where(vpc_id: 'vpc-12345678')
assert(hit.exists?) assert(hit.exists?)
miss = AwsEc2SecurityGroups.new.where(vpc_id: 'vpc-87654321') miss = AwsSecurityGroups.new.where(vpc_id: 'vpc-87654321')
refute(miss.exists?) refute(miss.exists?)
end end
def test_filter_group_name def test_filter_group_name
hit = AwsEc2SecurityGroups.new.where(group_name: 'alpha') hit = AwsSecurityGroups.new.where(group_name: 'alpha')
assert(hit.exists?) assert(hit.exists?)
miss = AwsEc2SecurityGroups.new.where(group_name: 'nonesuch') miss = AwsSecurityGroups.new.where(group_name: 'nonesuch')
refute(miss.exists?) refute(miss.exists?)
end end
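
Review bot: The header comment now reads `# MESGB = MockSecurityGroupBackend`, but the E in MESGB stood for Ec2, so the expansion no longer explains the abbreviation, and the `AwsMESGB::Empty` and `AwsMESGB::Basic` references below keep the old letters. Either rename the mock backend module to match the new resource name or leave the comment describing the name that actually exists.
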
@ -49,13 +49,13 @@ end
#=============================================================================# #=============================================================================#
# Properties # Properties
#=============================================================================# #=============================================================================#
class AwsESGProperties < Minitest::Test class AwsSGProperties < Minitest::Test
def setup def setup
AwsEc2SecurityGroups::BackendFactory.select(AwsMESGB::Basic) AwsSecurityGroups::BackendFactory.select(AwsMESGB::Basic)
end end
def test_property_group_ids def test_property_group_ids
basic = AwsEc2SecurityGroups.new basic = AwsSecurityGroups.new
assert_kind_of(Array, basic.group_ids) assert_kind_of(Array, basic.group_ids)
assert(basic.group_ids.include?('sg-aaaabbbb')) assert(basic.group_ids.include?('sg-aaaabbbb'))
refute(basic.group_ids.include?(nil)) refute(basic.group_ids.include?(nil))

View file

@ -7,21 +7,21 @@ require 'helper'
#=============================================================================# #=============================================================================#
# Constructor Tests # Constructor Tests
#=============================================================================# #=============================================================================#
class AwsVpcSubnetConstructorTest < Minitest::Test class AwsSubnetConstructorTest < Minitest::Test
def setup def setup
AwsVpcSubnet::BackendFactory.select(AwsMVSSB::Basic) AwsSubnet::BackendFactory.select(AwsMVSSB::Basic)
end end
def test_constructor_no_args_raises def test_constructor_no_args_raises
assert_raises(ArgumentError) { AwsVpcSubnet.new } assert_raises(ArgumentError) { AwsSubnet.new }
end end
def test_constructor_expected_well_formed_args def test_constructor_expected_well_formed_args
AwsVpcSubnet.new(subnet_id: 'subnet-12345678') AwsSubnet.new(subnet_id: 'subnet-12345678')
end end
def test_constructor_reject_unknown_resource_params def test_constructor_reject_unknown_resource_params
assert_raises(ArgumentError) { AwsVpcSubnet.new(bla: 'blabla') } assert_raises(ArgumentError) { AwsSubnet.new(bla: 'blabla') }
end end
end end
@ -29,17 +29,17 @@ end
# Recall # Recall
#=============================================================================# #=============================================================================#
class AwsVpcSubnetRecallTest < Minitest::Test class AwsSubnetRecallTest < Minitest::Test
def setup def setup
AwsVpcSubnet::BackendFactory.select(AwsMVSSB::Basic) AwsSubnet::BackendFactory.select(AwsMVSSB::Basic)
end end
def test_search_hit_via_hash_with_vpc_id_and_subnet_id_works def test_search_hit_via_hash_with_vpc_id_and_subnet_id_works
assert AwsVpcSubnet.new(subnet_id: 'subnet-12345678').exists? assert AwsSubnet.new(subnet_id: 'subnet-12345678').exists?
end end
def test_search_miss_is_not_an_exception def test_search_miss_is_not_an_exception
refute AwsVpcSubnet.new(subnet_id: 'subnet-00000000').exists? refute AwsSubnet.new(subnet_id: 'subnet-00000000').exists?
end end
end end
@ -47,62 +47,62 @@ end
# properties # properties
#=============================================================================# #=============================================================================#
class AwsVpcSubnetPropertiesTest < Minitest::Test class AwsSubnetPropertiesTest < Minitest::Test
def setup def setup
AwsVpcSubnet::BackendFactory.select(AwsMVSSB::Basic) AwsSubnet::BackendFactory.select(AwsMVSSB::Basic)
end end
def test_property_subnet_id def test_property_subnet_id
assert_equal('subnet-12345678', AwsVpcSubnet.new(subnet_id: 'subnet-12345678').subnet_id) assert_equal('subnet-12345678', AwsSubnet.new(subnet_id: 'subnet-12345678').subnet_id)
end end
def test_property_vpc_id def test_property_vpc_id
assert_equal('vpc-12345678', AwsVpcSubnet.new(subnet_id: 'subnet-12345678').vpc_id) assert_equal('vpc-12345678', AwsSubnet.new(subnet_id: 'subnet-12345678').vpc_id)
end end
def test_property_cidr_block def test_property_cidr_block
assert_equal('10.0.1.0/24', AwsVpcSubnet.new(subnet_id: 'subnet-12345678').cidr_block) assert_equal('10.0.1.0/24', AwsSubnet.new(subnet_id: 'subnet-12345678').cidr_block)
assert_nil(AwsVpcSubnet.new(subnet_id: 'subnet-00000000').cidr_block) assert_nil(AwsSubnet.new(subnet_id: 'subnet-00000000').cidr_block)
end end
def test_property_availability_zone def test_property_availability_zone
assert_equal('us-east-1', AwsVpcSubnet.new(subnet_id: 'subnet-12345678').availability_zone) assert_equal('us-east-1', AwsSubnet.new(subnet_id: 'subnet-12345678').availability_zone)
assert_nil(AwsVpcSubnet.new(subnet_id: 'subnet-00000000').availability_zone) assert_nil(AwsSubnet.new(subnet_id: 'subnet-00000000').availability_zone)
end end
def test_property_available_ip_address_count def test_property_available_ip_address_count
assert_equal(251, AwsVpcSubnet.new(subnet_id: 'subnet-12345678').available_ip_address_count) assert_equal(251, AwsSubnet.new(subnet_id: 'subnet-12345678').available_ip_address_count)
assert_nil(AwsVpcSubnet.new(subnet_id: 'subnet-00000000').available_ip_address_count) assert_nil(AwsSubnet.new(subnet_id: 'subnet-00000000').available_ip_address_count)
end end
def test_property_ipv_6_cidr_block_association_set def test_property_ipv_6_cidr_block_association_set
assert_equal([], AwsVpcSubnet.new(subnet_id: 'subnet-12345678').ipv_6_cidr_block_association_set) assert_equal([], AwsSubnet.new(subnet_id: 'subnet-12345678').ipv_6_cidr_block_association_set)
assert_nil(AwsVpcSubnet.new(subnet_id: 'subnet-00000000').ipv_6_cidr_block_association_set) assert_nil(AwsSubnet.new(subnet_id: 'subnet-00000000').ipv_6_cidr_block_association_set)
end end
end end
#=============================================================================# #=============================================================================#
# Test Matchers # Test Matchers
#=============================================================================# #=============================================================================#
class AwsVpcSubnetPropertiesTest < Minitest::Test class AwsSubnetPropertiesTest < Minitest::Test
def test_matcher_assign_ipv_6_address_on_creation def test_matcher_assign_ipv_6_address_on_creation
assert AwsVpcSubnet.new(subnet_id: 'subnet-12345678').assigning_ipv_6_address_on_creation assert AwsSubnet.new(subnet_id: 'subnet-12345678').assigning_ipv_6_address_on_creation
refute AwsVpcSubnet.new(subnet_id: 'subnet-87654321').assigning_ipv_6_address_on_creation refute AwsSubnet.new(subnet_id: 'subnet-87654321').assigning_ipv_6_address_on_creation
end end
def test_matcher_available def test_matcher_available
assert AwsVpcSubnet.new(subnet_id: 'subnet-12345678').available? assert AwsSubnet.new(subnet_id: 'subnet-12345678').available?
refute AwsVpcSubnet.new(subnet_id: 'subnet-87654321').available? refute AwsSubnet.new(subnet_id: 'subnet-87654321').available?
end end
def test_matcher_default_for_az def test_matcher_default_for_az
assert AwsVpcSubnet.new(subnet_id: 'subnet-12345678').default_for_az? assert AwsSubnet.new(subnet_id: 'subnet-12345678').default_for_az?
refute AwsVpcSubnet.new(subnet_id: 'subnet-87654321').default_for_az? refute AwsSubnet.new(subnet_id: 'subnet-87654321').default_for_az?
end end
def test_matcher_map_public_ip_on_launch def test_matcher_map_public_ip_on_launch
assert AwsVpcSubnet.new(subnet_id: 'subnet-12345678').mapping_public_ip_on_launch assert AwsSubnet.new(subnet_id: 'subnet-12345678').mapping_public_ip_on_launch
refute AwsVpcSubnet.new(subnet_id: 'subnet-87654321').mapping_public_ip_on_launch refute AwsSubnet.new(subnet_id: 'subnet-87654321').mapping_public_ip_on_launch
end end
end end
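
Review bot: Under the "Test Matchers" banner the class is again declared as `class AwsSubnetPropertiesTest < Minitest::Test`, the same name as the properties class earlier in this hunk, so Ruby reopens that class instead of defining a separate test case. The matcher tests only get a backend because they pick up the `setup` from the first definition. The rename carried this over from `AwsVpcSubnetPropertiesTest`; give the second class its own name (for example `AwsSubnetMatchersTest`) and its own `setup`.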

View file

@ -6,42 +6,42 @@ require 'helper'
#=============================================================================# #=============================================================================#
# Constructor Tests # Constructor Tests
#=============================================================================# #=============================================================================#
class AwsVpcSubnetsConstructor < Minitest::Test class AwsSubnetsConstructor < Minitest::Test
def setup def setup
AwsVpcSubnets::BackendFactory.select(AwsMVSB::Basic) AwsSubnets::BackendFactory.select(AwsMVSB::Basic)
end end
def test_constructor_no_args_ok def test_constructor_no_args_ok
AwsVpcSubnets.new AwsSubnets.new
end end
def test_constructor_reject_unknown_resource_params def test_constructor_reject_unknown_resource_params
assert_raises(ArgumentError) { AwsVpcSubnets.new(bla: 'blabla') } assert_raises(ArgumentError) { AwsSubnets.new(bla: 'blabla') }
end end
end end
#=============================================================================# #=============================================================================#
# Filter Criteria # Filter Criteria
#=============================================================================# #=============================================================================#
class AwsVpcSubnetsFilterCriteria < Minitest::Test class AwsSubnetsFilterCriteria < Minitest::Test
def setup def setup
AwsVpcSubnets::BackendFactory.select(AwsMVSB::Basic) AwsSubnets::BackendFactory.select(AwsMVSB::Basic)
end end
def test_filter_vpc_id def test_filter_vpc_id
hit = AwsVpcSubnets.new.where(vpc_id: 'vpc-01234567') hit = AwsSubnets.new.where(vpc_id: 'vpc-01234567')
assert(hit.exists?) assert(hit.exists?)
miss = AwsVpcSubnets.new.where(vpc_id: 'vpc-87654321') miss = AwsSubnets.new.where(vpc_id: 'vpc-87654321')
refute(miss.exists?) refute(miss.exists?)
end end
def test_filter_subnet_id def test_filter_subnet_id
hit = AwsVpcSubnets.new.where(subnet_id: 'subnet-01234567') hit = AwsSubnets.new.where(subnet_id: 'subnet-01234567')
assert(hit.exists?) assert(hit.exists?)
miss = AwsVpcSubnets.new.where(subnet_id: 'subnet-98765432') miss = AwsSubnets.new.where(subnet_id: 'subnet-98765432')
refute(miss.exists?) refute(miss.exists?)
end end
@ -50,34 +50,34 @@ end
#=============================================================================# #=============================================================================#
# Properties # Properties
#=============================================================================# #=============================================================================#
class AwsVpcSubnetProperties < Minitest::Test class AwsSubnetProperties < Minitest::Test
def setup def setup
AwsVpcSubnets::BackendFactory.select(AwsMVSB::Basic) AwsSubnets::BackendFactory.select(AwsMVSB::Basic)
end end
def test_property_vpc_ids def test_property_vpc_ids
basic = AwsVpcSubnets.new basic = AwsSubnets.new
assert_kind_of(Array, basic.vpc_ids) assert_kind_of(Array, basic.vpc_ids)
assert(basic.vpc_ids.include?('vpc-01234567')) assert(basic.vpc_ids.include?('vpc-01234567'))
refute(basic.vpc_ids.include?(nil)) refute(basic.vpc_ids.include?(nil))
end end
def test_property_subnet_ids def test_property_subnet_ids
basic = AwsVpcSubnets.new basic = AwsSubnets.new
assert_kind_of(Array, basic.subnet_ids) assert_kind_of(Array, basic.subnet_ids)
assert(basic.subnet_ids.include?('subnet-01234567')) assert(basic.subnet_ids.include?('subnet-01234567'))
refute(basic.subnet_ids.include?(nil)) refute(basic.subnet_ids.include?(nil))
end end
def test_property_cidr_blocks def test_property_cidr_blocks
basic = AwsVpcSubnets.new basic = AwsSubnets.new
assert_kind_of(Array, basic.cidr_blocks) assert_kind_of(Array, basic.cidr_blocks)
assert(basic.cidr_blocks.include?('10.0.1.0/24')) assert(basic.cidr_blocks.include?('10.0.1.0/24'))
refute(basic.cidr_blocks.include?(nil)) refute(basic.cidr_blocks.include?(nil))
end end
def test_property_states def test_property_states
basic = AwsVpcSubnets.new basic = AwsSubnets.new
assert_kind_of(Array, basic.states) assert_kind_of(Array, basic.states)
assert(basic.states.include?('available')) assert(basic.states.include?('available'))
refute(basic.states.include?(nil)) refute(basic.states.include?(nil))
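
Review bot: `class AwsSubnetProperties` is singular, although this file tests the plural `AwsSubnets` resource and its sibling classes are `AwsSubnetsConstructor` and `AwsSubnetsFilterCriteria`. Rename it to `AwsSubnetsProperties` so the name cannot be confused with a test class for the singular `AwsSubnet` resource. The mock backend `AwsMVSB` also still carries the V from the old Vpc name.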