mirror of
https://github.com/inspec/inspec
synced 2024-11-23 21:23:29 +00:00
Fixes partially indented blocks and unescaped underscores (#2731)
Moved 2 space examples 2 more spaces in. Don't be shy, show the world your code the way it was meant to be seen. Underscores in markdown must be escaped, otherwise the world goes crooked.

Signed-off-by: Franklin Webber <franklin@chef.io>
parent
9f07f0899d
commit
a359399fa0
9 changed files with 51 additions and 56 deletions
|
@ -68,9 +68,9 @@ The where accessor can be used to filter on fields. For example:
|
||||||
|
|
||||||
The key filter may be useful in evaluating rules with particular key values:
|
The key filter may be useful in evaluating rules with particular key values:
|
||||||
|
|
||||||
describe auditd.where { key == "privileged" } do
|
describe auditd.where { key == "privileged" } do
|
||||||
its('permissions') { should include ['x'] }
|
its('permissions') { should include ['x'] }
|
||||||
end
|
end
|
||||||
|
|
||||||
<br>
|
<br>
|
||||||
|
|
||||||
|
|
|
@ -65,7 +65,7 @@ This InSpec audit resource has the following special matchers. For a full list o
|
||||||
|
|
||||||
### be\_pending
|
### be\_pending
|
||||||
|
|
||||||
The `be\_pending` matcher tests if the described EC2 instance state is `pending`. This indicates that an instance is provisioning. This state should be temporary.
|
The `be_pending` matcher tests if the described EC2 instance state is `pending`. This indicates that an instance is provisioning. This state should be temporary.
|
||||||
|
|
||||||
it { should be_pending }
|
it { should be_pending }
|
||||||
|
|
||||||
|
|
|
@ -9,7 +9,7 @@ Use the `aws_iam_policy` InSpec audit resource to test properties of a single ma
|
||||||
|
|
||||||
A policy is an entity in AWS that, when attached to an identity or resource, defines their permissions. AWS evaluates these policies when a principal, such as a user, makes a request. Permissions in the policies determine if the request is allowed or denied.
|
A policy is an entity in AWS that, when attached to an identity or resource, defines their permissions. AWS evaluates these policies when a principal, such as a user, makes a request. Permissions in the policies determine if the request is allowed or denied.
|
||||||
|
|
||||||
Each IAM Policy is uniquely identified by either its policy_name or arn.
|
Each IAM Policy is uniquely identified by either its policy\_name or arn.
|
||||||
|
|
||||||
<br>
|
<br>
|
||||||
|
|
||||||
|
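Review bot: `policy\_name` on the changed line is an identifier, so backticks are a better fix than a backslash escape; this same commit uses backticks for `should_not` in the aws_iam_role and aws_route_table docs. Suggest: Each IAM Policy is uniquely identified by either its `policy_name` or `arn`.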
@ -142,5 +142,3 @@ The test will pass if the identified policy attached the specified role.
|
||||||
describe aws_iam_policy('AWSSupportAccess') do
|
describe aws_iam_policy('AWSSupportAccess') do
|
||||||
it { should be_attached_to_role(ROLENAME) }
|
it { should be_attached_to_role(ROLENAME) }
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
|
|
|
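Review bot: the context line `it { should be_attached_to_role(ROLENAME) }` passes a bare Ruby constant, so a reader who copies the example gets an uninitialized-constant error unless ROLENAME is defined elsewhere. Since this hunk already touches the end of the example, consider a quoted placeholder such as 'my-role', or a sentence saying what ROLENAME stands for.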
@ -11,10 +11,10 @@ Use the `aws_iam_role` InSpec audit resource to test properties of a single IAM
|
||||||
|
|
||||||
## Syntax
|
## Syntax
|
||||||
|
|
||||||
# Ensure that a certain role exists by name
|
# Ensure that a certain role exists by name
|
||||||
describe aws_iam_role('my-role') do
|
describe aws_iam_role('my-role') do
|
||||||
it { should exist }
|
it { should exist }
|
||||||
end
|
end
|
||||||
|
|
||||||
<br>
|
<br>
|
||||||
|
|
||||||
|
@ -24,13 +24,13 @@ Use the `aws_iam_role` InSpec audit resource to test properties of a single IAM
|
||||||
|
|
||||||
This resource expects a single parameter that uniquely identifies the IAM Role, the Role Name. You may pass it as a string, or as the value in a hash:
|
This resource expects a single parameter that uniquely identifies the IAM Role, the Role Name. You may pass it as a string, or as the value in a hash:
|
||||||
|
|
||||||
describe aws_iam_role('my-role') do
|
describe aws_iam_role('my-role') do
|
||||||
it { should exist }
|
it { should exist }
|
||||||
end
|
end
|
||||||
# Same
|
# Same
|
||||||
describe aws_iam_role(role_name: 'my-role') do
|
describe aws_iam_role(role_name: 'my-role') do
|
||||||
it { should exist }
|
it { should exist }
|
||||||
end
|
end
|
||||||
|
|
||||||
<br>
|
<br>
|
||||||
|
|
||||||
|
@ -52,7 +52,7 @@ This InSpec audit resource has the following special matchers. For a full list o
|
||||||
|
|
||||||
### exist
|
### exist
|
||||||
|
|
||||||
Indicates that the Role Name provided was found. Use should_not to test for IAM Roles that should not exist.
|
Indicates that the Role Name provided was found. Use `should_not` to test for IAM Roles that should not exist.
|
||||||
|
|
||||||
describe aws_iam_role('should-be-there') do
|
describe aws_iam_role('should-be-there') do
|
||||||
it { should exist }
|
it { should exist }
|
||||||
|
@ -61,5 +61,3 @@ Indicates that the Role Name provided was found. Use should_not to test for IAM
|
||||||
describe aws_iam_role('should-not-be-there') do
|
describe aws_iam_role('should-not-be-there') do
|
||||||
it { should_not exist }
|
it { should_not exist }
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -11,10 +11,10 @@ Use the `aws_route_table` InSpec audit resource to test properties of a single R
|
||||||
|
|
||||||
## Syntax
|
## Syntax
|
||||||
|
|
||||||
# Ensure that a certain route table exists by name
|
# Ensure that a certain route table exists by name
|
||||||
describe aws_route_table('rtb-123abcde') do
|
describe aws_route_table('rtb-123abcde') do
|
||||||
it { should exist }
|
it { should exist }
|
||||||
end
|
end
|
||||||
|
|
||||||
## Resource Parameters
|
## Resource Parameters
|
||||||
|
|
||||||
|
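Review bot: the comment `# Ensure that a certain route table exists by name` does not match the example under it, which passes a route table ID (`rtb-123abcde`, and `route_table_id:` in the hash form later in this file). Suggest changing the comment to "by ID" while the block is being re-indented.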
@ -22,13 +22,13 @@ Use the `aws_route_table` InSpec audit resource to test properties of a single R
|
||||||
|
|
||||||
This resource expects a single parameter that uniquely identifies the Route Table. You may pass it as a string, or as the value in a hash:
|
This resource expects a single parameter that uniquely identifies the Route Table. You may pass it as a string, or as the value in a hash:
|
||||||
|
|
||||||
describe aws_route_table('rtb-123abcde') do
|
describe aws_route_table('rtb-123abcde') do
|
||||||
it { should exist }
|
it { should exist }
|
||||||
end
|
end
|
||||||
# Same
|
# Same
|
||||||
describe aws_route_table(route_table_id: 'rtb-123abcde') do
|
describe aws_route_table(route_table_id: 'rtb-123abcde') do
|
||||||
it { should exist }
|
it { should exist }
|
||||||
end
|
end
|
||||||
|
|
||||||
## Matchers
|
## Matchers
|
||||||
|
|
||||||
|
@ -36,7 +36,7 @@ For a full list of available matchers, please visit our [matchers page](https://
|
||||||
|
|
||||||
### exist
|
### exist
|
||||||
|
|
||||||
Indicates that the Route Table provided was found. Use should_not to test for Route Tables that should not exist.
|
Indicates that the Route Table provided was found. Use `should_not` to test for Route Tables that should not exist.
|
||||||
|
|
||||||
describe aws_route_table('should-be-there') do
|
describe aws_route_table('should-be-there') do
|
||||||
it { should exist }
|
it { should exist }
|
||||||
|
|
|
@ -138,7 +138,7 @@ This InSpec audit resource has the following special matchers. For a full list o
|
||||||
|
|
||||||
### exists
|
### exists
|
||||||
|
|
||||||
The control will pass if the specified SG was found. Use should_not if you want to verify that the specified SG does not exist.
|
The control will pass if the specified SG was found. Use `should_not` if you want to verify that the specified SG does not exist.
|
||||||
|
|
||||||
# You will always have at least one SG, the VPC default SG
|
# You will always have at least one SG, the VPC default SG
|
||||||
describe aws_security_group(group_name: 'default')
|
describe aws_security_group(group_name: 'default')
|
||||||
|
@ -149,4 +149,3 @@ The control will pass if the specified SG was found. Use should_not if you want
|
||||||
describe aws_security_group(group_name: 'nogood')
|
describe aws_security_group(group_name: 'nogood')
|
||||||
it { should_not exist }
|
it { should_not exist }
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
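Review bot: `describe aws_security_group(group_name: 'nogood')` has no `do`, yet the block is closed with `end`, so the example is a syntax error when pasted into a control. The `describe aws_security_group(group_name: 'default')` line in the previous hunk has the same omission. Add `do` to both describe lines.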
@ -54,7 +54,7 @@ A string identifying a group. Since groups are contained in VPCs, group names ar
|
||||||
|
|
||||||
## Properties
|
## Properties
|
||||||
|
|
||||||
* `entries`, `group\_ids`
|
* `entries`, `group_ids`
|
||||||
|
|
||||||
<br>
|
<br>
|
||||||
|
|
||||||
|
@ -89,4 +89,3 @@ The control will pass if the filter returns at least one result. Use `should_not
|
||||||
describe aws_security_groups
|
describe aws_security_groups
|
||||||
it { should exist }
|
it { should exist }
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
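Review bot: `describe aws_security_groups` is missing `do` before the `it { should exist }` and `end` lines, so the example does not parse as written. Suggest `describe aws_security_groups do`.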
@ -10,16 +10,16 @@ Use the `aws_sns_topic` InSpec audit resource to test properties of a single AWS
|
||||||
|
|
||||||
## Syntax
|
## Syntax
|
||||||
|
|
||||||
# Ensure that a topic exists and has at least one subscription
|
# Ensure that a topic exists and has at least one subscription
|
||||||
describe aws_sns_topic('arn:aws:sns:*::my-topic-name') do
|
describe aws_sns_topic('arn:aws:sns:*::my-topic-name') do
|
||||||
it { should exist }
|
it { should exist }
|
||||||
its('confirmed_subscription_count') { should_not be_zero }
|
its('confirmed_subscription_count') { should_not be_zero }
|
||||||
end
|
end
|
||||||
|
|
||||||
# You may also use has syntax to pass the ARN
|
# You may also use has syntax to pass the ARN
|
||||||
describe aws_sns_topic(arn: 'arn:aws:sns:*::my-topic-name') do
|
describe aws_sns_topic(arn: 'arn:aws:sns:*::my-topic-name') do
|
||||||
it { should exist }
|
it { should exist }
|
||||||
end
|
end
|
||||||
|
|
||||||
## Resource Parameters
|
## Resource Parameters
|
||||||
|
|
||||||
|
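Review bot: both examples use `arn:aws:sns:*::my-topic-name`, a wildcard region with an empty account ID, while the Resource Parameters text in this same file says the account ID and region are required and wildcards are not permitted. Replace the sample with a fully specified ARN in the documented `arn:aws:sns:region:account-id:topicname` form. Also, "has syntax" in the second comment should read "hash syntax".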
@ -27,7 +27,7 @@ Use the `aws_sns_topic` InSpec audit resource to test properties of a single AWS
|
||||||
|
|
||||||
This resource expects a single parameter that uniquely identifes the SNS Topic, an ARN. Amazon Resource Names for SNS topics have the format `arn:aws:sns:region:account-id:topicname`. AWS requires a fully-specified ARN for looking up an SNS topic. The account ID and region are required. Wildcards are not permitted.
|
This resource expects a single parameter that uniquely identifes the SNS Topic, an ARN. Amazon Resource Names for SNS topics have the format `arn:aws:sns:region:account-id:topicname`. AWS requires a fully-specified ARN for looking up an SNS topic. The account ID and region are required. Wildcards are not permitted.
|
||||||
|
|
||||||
See also the (AWS documentation on ARNs)[http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html].
|
See also the [AWS documentation on ARNs](http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html).
|
||||||
|
|
||||||
<br>
|
<br>
|
||||||
|
|
||||||
|
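Review bot: "identifes" on the first context line is misspelled (should be "identifies"); worth fixing in the same pass as the link syntax correction on the "See also" line.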
@ -50,7 +50,7 @@ This InSpec audit resource has the following special matchers. For a full list o
|
||||||
|
|
||||||
### exist
|
### exist
|
||||||
|
|
||||||
Indicates that the ARN provided was found. Use should_not to test for SNS topics that should not exist.
|
Indicates that the ARN provided was found. Use `should_not` to test for SNS topics that should not exist.
|
||||||
|
|
||||||
# Expect good news
|
# Expect good news
|
||||||
describe aws_sns_topic('arn:aws:sns:*::good-news') do
|
describe aws_sns_topic('arn:aws:sns:*::good-news') do
|
||||||
|
|
|
@ -68,7 +68,8 @@ The following examples show how to use this InSpec audit resource.
|
||||||
|
|
||||||
## Property Examples
|
## Property Examples
|
||||||
|
|
||||||
### Test a special time string
|
|
||||||
|
### Test a special time string
|
||||||
|
|
||||||
describe crontab do
|
describe crontab do
|
||||||
its('minutes') { should cmp '0' }
|
its('minutes') { should cmp '0' }
|
||||||
|
|