Merge branch 'cw/rename-resources' into core-onramp
commit
d696c8b83f
17 changed files with 187 additions and 335 deletions
|
@ -1,148 +0,0 @@
|
|||
---
|
||||
title: About the aws_vpc_subnet Resource
|
||||
---
|
||||
|
||||
# aws_vpc_subnet
|
||||
|
||||
Use the `aws_vpc_subnet` InSpec audit resource to test properties of a vpc subnet.
|
||||
|
||||
To test properties of a single VPC subnet, use the `aws_vpc_subnet` resource.
|
||||
|
||||
To test properties of all or a group of VPC subnets, use the `aws_vpc_subnets` resource.
|
||||
|
||||
<br>
|
||||
|
||||
## Syntax
|
||||
|
||||
An `aws_vpc_subnet` resource block uses the parameter to select a VPC and a subnet in the VPC.
|
||||
|
||||
describe aws_vpc_subnet(vpc_id: 'vpc-01234567', subnet_id: 'subnet-1234567') do
|
||||
it { should exist }
|
||||
its('cidr_block') { should eq ['10.0.1.0/24'] }
|
||||
end
|
||||
|
||||
<br>
|
||||
|
||||
## Resource Parameters
|
||||
|
||||
This InSpec resource accepts the following parameters, which are used to search for the VPCs subnet.
|
||||
|
||||
### vpc_id
|
||||
|
||||
A string identifying the VPC which contains zero or more subnets.
|
||||
|
||||
# This will error if there is more than the default SG
|
||||
describe aws_vpc_subnet(vpc_id: 'vpc-12345678', 'subnet-1234567') do
|
||||
it { should exist }
|
||||
end
|
||||
|
||||
### subnet_id
|
||||
|
||||
A string identifying the subnet that the VPC contains.
|
||||
|
||||
# This will error if there is more than the default SG
|
||||
describe aws_vpc_subnet(vpc_id: 'vpc-12345678', subnet_id: 'subnet-12345678') do
|
||||
it { should exist }
|
||||
end
|
||||
|
||||
<br>
|
||||
|
||||
## Properties
|
||||
|
||||
### assign_ipv_6_address_on_creation
|
||||
|
||||
Detects whether the network interface on the subnet accepts IPv6 addresses.
|
||||
|
||||
describe aws_vpc_subnet(vpc_id: 'vpc-12345678' , subnet_id: 'subnet-12345678') do
|
||||
its('assign_ipv_6_address_on_creation') { should eq false }
|
||||
end
|
||||
|
||||
### availability_zone
|
||||
|
||||
Provides the Availability Zone of the subnet.
|
||||
|
||||
describe aws_vpc_subnet(vpc_id: 'vpc-12345678' , subnet_id: 'subnet-12345678') do
|
||||
its('availability_zone') { should eq 'us-east-1c' }
|
||||
end
|
||||
|
||||
### available_ip_address_count
|
||||
|
||||
Provides the number of available IPv4 addresses on the subnet.
|
||||
|
||||
describe aws_vpc_subnet(vpc_id: 'vpc-12345678' , subnet_id: 'subnet-12345678') do
|
||||
its('available_ip_address_count') { should eq 251 }
|
||||
end
|
||||
|
||||
### cidr_block
|
||||
|
||||
Provides the block of ip addresses specified to the subnet.
|
||||
|
||||
describe aws_vpc_subnet(vpc_id: 'vpc-12345678' , subnet_id: 'subnet-12345678') do
|
||||
its('cidr_block') { should eq '10.0.1.0/24' }
|
||||
end
|
||||
|
||||
### default_for_az
|
||||
|
||||
Detects if this is the default subnet for the Availability Zone.
|
||||
|
||||
describe aws_vpc_subnet(vpc_id: 'vpc-12345678' , subnet_id: 'subnet-12345678') do
|
||||
its('default_for_az') { should eq false }
|
||||
end
|
||||
|
||||
### ipv_6_cidr_block_association_set
|
||||
|
||||
Provides information about the IPv6 cidr_block associatied with the subnet.
|
||||
|
||||
describe aws_vpc_subnet(vpc_id: 'vpc-12345678' , subnet_id: 'subnet-12345678') do
|
||||
its('ipv_6_cidr_block_association_set') { should eq [
|
||||
{
|
||||
"Ipv6CidrBlock": "2001:db8:1234:a101::/64",
|
||||
"AssociationId": "subnet-cidr-assoc-30e7e348",
|
||||
"Ipv6CidrBlockState": {
|
||||
"State": "ASSOCIATED"
|
||||
}
|
||||
}
|
||||
] }
|
||||
end
|
||||
|
||||
### map_public_ip_on_launch
|
||||
|
||||
Provides the ID of the VPC the subnet is in.
|
||||
|
||||
describe aws_vpc_subnet(vpc_id: 'vpc-12345678' , subnet_id: 'subnet-12345678') do
|
||||
its('map_public_ip_on_launch') { should eq false }
|
||||
end
|
||||
|
||||
### state
|
||||
|
||||
Provides the ID of the VPC the subnet is in.
|
||||
|
||||
describe aws_vpc_subnet(vpc_id: 'vpc-12345678' , subnet_id: 'subnet-12345678') do
|
||||
its('state') { should eq 'available' }
|
||||
end
|
||||
|
||||
### subnet_id
|
||||
|
||||
Provides the ID of the VPC the subnet is in.
|
||||
|
||||
describe aws_vpc_subnet(vpc_id: 'vpc-12345678' , subnet_id: 'subnet-12345678') do
|
||||
its('subnet_id') { should eq 'subnet-12345678' }
|
||||
end
|
||||
|
||||
### vpc_id
|
||||
|
||||
Provides the ID of the VPC the subnet is in.
|
||||
|
||||
describe aws_vpc_subnet(vpc_id: 'vpc-12345678' , subnet_id: 'subnet-12345678') do
|
||||
its('vpc_id') { should eq 'vpc-12345678' }
|
||||
end
|
||||
|
||||
## Matchers
|
||||
|
||||
### exist
|
||||
|
||||
The `exist` matcher indicates that a subnet exists for the specified vpc.
|
||||
|
||||
describe aws_vpc_subnet(vpc_id: 'vpc-1234567', subnet_id: 'subnet-12345678') do
|
||||
it { should exist }
|
||||
end
|
|
@ -1,10 +1,10 @@
|
|||
---
|
||||
title: About the aws_ec2_security_group Resource
|
||||
title: About the aws_security_group Resource
|
||||
---
|
||||
|
||||
# aws_ec2_security_group
|
||||
# aws_security_group
|
||||
|
||||
Use the `aws_ec2_security_group` InSpec audit resource to test detailed properties of an individual Security Group (SG).
|
||||
Use the `aws_security_group` InSpec audit resource to test detailed properties of an individual Security Group (SG).
|
||||
|
||||
SGs are a networking construct which contain ingress and egress rules for network communications. SGs may be attached to EC2 instances, as well as certain other AWS resources. Along with Network Access Control Lists, SGs are one of the two main mechanisms of enforcing network-level security.
|
||||
|
||||
|
@ -12,17 +12,17 @@ SGs are a networking construct which contain ingress and egress rules for networ
|
|||
|
||||
## Syntax
|
||||
|
||||
An `aws_ec2_security_group` resource block uses resource parameters to search for a Security Group, and then tests that Security Group. If no SGs match, no error is raised, but the `exists` matcher will return `false` and all properties will be `nil`. If more than one SG matches (due to vague search parameters), an error is raised.
|
||||
An `aws_security_group` resource block uses resource parameters to search for a Security Group, and then tests that Security Group. If no SGs match, no error is raised, but the `exists` matcher will return `false` and all properties will be `nil`. If more than one SG matches (due to vague search parameters), an error is raised.
|
||||
|
||||
# Ensure you have a security group with a certain ID
|
||||
# This is "safe" - SG IDs are unique within an account
|
||||
describe aws_ec2_security_group('sg-12345678') do
|
||||
describe aws_security_group('sg-12345678') do
|
||||
it { should exist }
|
||||
end
|
||||
|
||||
# Ensure you have a security group with a certain ID
|
||||
# This uses hash syntax
|
||||
describe aws_ec2_security_group(id: 'sg-12345678') do
|
||||
describe aws_security_group(id: 'sg-12345678') do
|
||||
it { should exist }
|
||||
end
|
||||
|
||||
|
@ -32,7 +32,7 @@ An `aws_ec2_security_group` resource block uses resource parameters to search fo
|
|||
|
||||
The following examples show how to use this InSpec audit resource.
|
||||
|
||||
As this is the initial release of `aws_ec2_security_group`, its limited functionality precludes examples.
|
||||
As this is the initial release of `aws_security_group`, its limited functionality precludes examples.
|
||||
|
||||
<br>
|
||||
|
||||
|
@ -45,17 +45,17 @@ This InSpec resource accepts the following parameters, which are used to search
|
|||
The Security Group ID of the Security Group. This is of the format `sg-` followed by 8 hexadecimal characters. The ID is unique within your AWS account; using ID ensures that you will never match more than one SG. The ID is also the default resource parameter, so you may omit the hash syntax.
|
||||
|
||||
# Using Hash syntax
|
||||
describe aws_ec2_security_group(id: 'sg-12345678') do
|
||||
describe aws_security_group(id: 'sg-12345678') do
|
||||
it { should exist }
|
||||
end
|
||||
|
||||
# group_id is an alias for id
|
||||
describe aws_ec2_security_group(group_id: 'sg-12345678') do
|
||||
describe aws_security_group(group_id: 'sg-12345678') do
|
||||
it { should exist }
|
||||
end
|
||||
|
||||
# Or omit hash syntax, rely on it being the default parameter
|
||||
describe aws_ec2_security_group('sg-12345678') do
|
||||
describe aws_security_group('sg-12345678') do
|
||||
it { should exist }
|
||||
end
|
||||
|
||||
|
@ -64,12 +64,12 @@ The Security Group ID of the Security Group. This is of the format `sg-` follow
|
|||
The string Name of the Security Group. Every VPC has a security group named 'default'. Names are unique within a VPC, but not within an AWS account.
|
||||
|
||||
# Get default security group for a certain VPC
|
||||
describe aws_ec2_security_group(group_name: 'default', vpc_id: vpc_id: 'vpc-12345678') do
|
||||
describe aws_security_group(group_name: 'default', vpc_id: vpc_id: 'vpc-12345678') do
|
||||
it { should exist }
|
||||
end
|
||||
|
||||
# This will throw an error if there is a 'backend' SG in more than one VPC.
|
||||
describe aws_ec2_security_group(group_name: 'backend') do
|
||||
describe aws_security_group(group_name: 'backend') do
|
||||
it { should exist }
|
||||
end
|
||||
|
||||
|
@ -78,7 +78,7 @@ The string Name of the Security Group. Every VPC has a security group named 'de
|
|||
A string identifying the VPC which contains the security group. Since VPCs commonly contain many SGs, you should add additional parameters to ensure you find exactly one SG.
|
||||
|
||||
# This will error if there is more than the default SG
|
||||
describe aws_ec2_security_group(vpc_id: 'vpc-12345678') do
|
||||
describe aws_security_group(vpc_id: 'vpc-12345678') do
|
||||
it { should exist }
|
||||
end
|
||||
|
||||
|
@ -91,12 +91,12 @@ A string identifying the VPC which contains the security group. Since VPCs comm
|
|||
The control will pass if the specified SG was found. Use should_not if you want to verify that the specified SG does not exist.
|
||||
|
||||
# You will always have at least one SG, the VPC default SG
|
||||
describe aws_ec2_security_group(group_name: 'default')
|
||||
describe aws_security_group(group_name: 'default')
|
||||
it { should exist }
|
||||
end
|
||||
|
||||
# Make sure we don't have any security groups with the name 'nogood'
|
||||
describe aws_ec2_security_group(group_name: 'nogood')
|
||||
describe aws_security_group(group_name: 'nogood')
|
||||
it { should_not exist }
|
||||
end
|
||||
|
||||
|
@ -107,19 +107,19 @@ The control will pass if the specified SG was found. Use should_not if you want
|
|||
Provides the Security Group ID.
|
||||
|
||||
# Inspect the group ID of the default group
|
||||
describe aws_ec2_security_group(group_name: 'default', vpc_id: vpc_id: 'vpc-12345678') do
|
||||
describe aws_security_group(group_name: 'default', vpc_id: vpc_id: 'vpc-12345678') do
|
||||
its('group_id') { should cmp 'sg-12345678' }
|
||||
end
|
||||
|
||||
# Store the group ID in a Ruby variable for use elsewhere
|
||||
sg_id = aws_ec2_security_group(group_name: 'default', vpc_id: vpc_id: 'vpc-12345678').group_id
|
||||
sg_id = aws_security_group(group_name: 'default', vpc_id: vpc_id: 'vpc-12345678').group_id
|
||||
|
||||
### group_name
|
||||
|
||||
A String reflecting the name that was given to the SG at creation time.
|
||||
|
||||
# Inspect the group name of a particular group
|
||||
describe aws_ec2_security_group('sg-12345678') do
|
||||
describe aws_security_group('sg-12345678') do
|
||||
its('group_name') { should cmp 'my_group' }
|
||||
end
|
||||
|
||||
|
@ -128,7 +128,7 @@ A String reflecting the name that was given to the SG at creation time.
|
|||
A String reflecting the human-meaningful description that was given to the SG at creation time.
|
||||
|
||||
# Require a description of a particular group
|
||||
describe aws_ec2_security_group('sg-12345678') do
|
||||
describe aws_security_group('sg-12345678') do
|
||||
its('description') { should_not be_empty }
|
||||
end
|
||||
|
||||
|
@ -137,6 +137,6 @@ A String reflecting the human-meaningful description that was given to the SG at
|
|||
A String in the format 'vpc-' followed by 8 hexadecimal characters reflecting VPC that contains the security group.
|
||||
|
||||
# Inspec the VPC ID of a particular group
|
||||
describe aws_ec2_security_group('sg-12345678') do
|
||||
describe aws_security_group('sg-12345678') do
|
||||
its('vpc_id') { should cmp 'vpc-12345678' }
|
||||
end
|
|
@ -1,10 +1,10 @@
|
|||
---
|
||||
title: About the aws_ec2_security_groups Resource
|
||||
title: About the aws_security_groups Resource
|
||||
---
|
||||
|
||||
# aws_ec2_security_groups
|
||||
# aws_security_groups
|
||||
|
||||
Use the `aws_ec2_security_groups` InSpec audit resource to test properties of some or all security groups.
|
||||
Use the `aws_security_groups` InSpec audit resource to test properties of some or all security groups.
|
||||
|
||||
Security groups are a networking construct which contain ingress and egress rules for network communications. Security groups may be attached to EC2 instances, as well as certain other AWS resources. Along with Network Access Control Lists, Security Groups are one of the two main mechanisms of enforcing network-level security.
|
||||
|
||||
|
@ -12,10 +12,10 @@ Security groups are a networking construct which contain ingress and egress rule
|
|||
|
||||
## Syntax
|
||||
|
||||
An `aws_ec2_security_groups` resource block uses an optional filter to select a group of security groups and then tests that group.
|
||||
An `aws_security_groups` resource block uses an optional filter to select a group of security groups and then tests that group.
|
||||
|
||||
# Verify you have more than the default security group
|
||||
describe aws_ec2_security_groups do
|
||||
describe aws_security_groups do
|
||||
its('entries.count') { should be > 1 }
|
||||
end
|
||||
|
||||
|
@ -25,7 +25,7 @@ An `aws_ec2_security_groups` resource block uses an optional filter to select a
|
|||
|
||||
The following examples show how to use this InSpec audit resource.
|
||||
|
||||
As this is the initial release of `aws_ec2_security_groups`, its limited functionality precludes examples.
|
||||
As this is the initial release of `aws_security_groups`, its limited functionality precludes examples.
|
||||
|
||||
<br>
|
||||
|
||||
|
@ -36,7 +36,7 @@ As this is the initial release of `aws_ec2_security_groups`, its limited functio
|
|||
The control will pass if the filter returns at least one result. Use should_not if you expect zero matches.
|
||||
|
||||
# You will always have at least one SG, the VPC default SG
|
||||
describe aws_ec2_security_groups
|
||||
describe aws_security_groups
|
||||
it { should exist }
|
||||
end
|
||||
|
||||
|
@ -47,7 +47,7 @@ The control will pass if the filter returns at least one result. Use should_not
|
|||
A string identifying the VPC which contains the security group.
|
||||
|
||||
# Look for a particular security group in just one VPC
|
||||
describe aws_ec2_security_groups.where( vpc_id: 'vpc-12345678') do
|
||||
describe aws_security_groups.where( vpc_id: 'vpc-12345678') do
|
||||
its('group_ids') { should include('sg-abcdef12')}
|
||||
end
|
||||
|
||||
|
@ -56,7 +56,7 @@ A string identifying the VPC which contains the security group.
|
|||
A string identifying a group. Since groups are contained in VPCs, group names are unique within the AWS account, but not across VPCs.
|
||||
|
||||
# Examine the default security group in all VPCs
|
||||
describe aws_ec2_security_groups.where( group_name: 'default') do
|
||||
describe aws_security_groups.where( group_name: 'default') do
|
||||
it { should exist }
|
||||
end
|
||||
|
||||
|
@ -67,7 +67,7 @@ A string identifying a group. Since groups are contained in VPCs, group names a
|
|||
|
||||
Provides a list of all security group IDs matched.
|
||||
|
||||
describe aws_ec2_security_groups do
|
||||
describe aws_security_groups do
|
||||
its('group_ids') { should include('sg-12345678') }
|
||||
end
|
||||
|
||||
|
@ -76,6 +76,6 @@ Provides a list of all security group IDs matched.
|
|||
Provides access to the raw results of the query. This can be useful for checking counts and other advanced operations.
|
||||
|
||||
# Allow at most 100 security groups on the account
|
||||
describe aws_ec2_security_groups do
|
||||
describe aws_security_groups do
|
||||
its('entries.count') { should be <= 100}
|
||||
end
|
|
@ -1,22 +1,22 @@
|
|||
---
|
||||
title: About the aws_vpc_subnet Resource
|
||||
title: About the aws_subnet Resource
|
||||
---
|
||||
|
||||
# aws_vpc_subnet
|
||||
# aws_subnet
|
||||
|
||||
Use the `aws_vpc_subnet` InSpec audit resource to test properties of a vpc subnet.
|
||||
Use the `aws_subnet` InSpec audit resource to test properties of a vpc subnet.
|
||||
|
||||
To test properties of a single VPC subnet, use the `aws_vpc_subnet` resource.
|
||||
To test properties of a single VPC subnet, use the `aws_subnet` resource.
|
||||
|
||||
To test properties of all or a group of VPC subnets, use the `aws_vpc_subnets` resource.
|
||||
To test properties of all or a group of VPC subnets, use the `aws_subnets` resource.
|
||||
|
||||
<br>
|
||||
|
||||
## Syntax
|
||||
|
||||
An `aws_vpc_subnet` resource block uses the parameter to select a VPC and a subnet in the VPC.
|
||||
An `aws_subnet` resource block uses the parameter to select a VPC and a subnet in the VPC.
|
||||
|
||||
describe aws_vpc_subnet(subnet_id: 'subnet-1234567') do
|
||||
describe aws_subnet(subnet_id: 'subnet-1234567') do
|
||||
it { should exist }
|
||||
its('cidr_block') { should eq '10.0.1.0/24' }
|
||||
end
|
||||
|
@ -32,7 +32,7 @@ This InSpec resource accepts the following parameters, which are used to search
|
|||
A string identifying the subnet that the VPC contains.
|
||||
|
||||
# This will error if there is more than the default SG
|
||||
describe aws_vpc_subnet(subnet_id: 'subnet-12345678') do
|
||||
describe aws_subnet(subnet_id: 'subnet-12345678') do
|
||||
it { should exist }
|
||||
end
|
||||
|
||||
|
@ -44,7 +44,7 @@ A string identifying the subnet that the VPC contains.
|
|||
|
||||
Detects whether the network interface on the subnet accepts IPv6 addresses.
|
||||
|
||||
describe aws_vpc_subnet(subnet_id: 'subnet-12345678') do
|
||||
describe aws_subnet(subnet_id: 'subnet-12345678') do
|
||||
it { should be_assigning_ipv_6_address_on_creation }
|
||||
end
|
||||
|
||||
|
@ -52,7 +52,7 @@ Detects whether the network interface on the subnet accepts IPv6 addresses.
|
|||
|
||||
Provides the current state of the subnet.
|
||||
|
||||
describe aws_vpc_subnet(subnet_id: 'subnet-12345678') do
|
||||
describe aws_subnet(subnet_id: 'subnet-12345678') do
|
||||
it { should be_available }
|
||||
end
|
||||
|
||||
|
@ -60,7 +60,7 @@ Provides the current state of the subnet.
|
|||
|
||||
Detects if this is the default subnet for the Availability Zone.
|
||||
|
||||
describe aws_vpc_subnet(subnet_id: 'subnet-12345678') do
|
||||
describe aws_subnet(subnet_id: 'subnet-12345678') do
|
||||
it { should be_default_for_az }
|
||||
end
|
||||
|
||||
|
@ -68,7 +68,7 @@ Detects if this is the default subnet for the Availability Zone.
|
|||
|
||||
The `exist` matcher indicates that a subnet exists for the specified vpc.
|
||||
|
||||
describe aws_vpc_subnet(subnet_id: 'subnet-12345678') do
|
||||
describe aws_subnet(subnet_id: 'subnet-12345678') do
|
||||
it { should exist }
|
||||
end
|
||||
|
||||
|
@ -76,7 +76,7 @@ The `exist` matcher indicates that a subnet exists for the specified vpc.
|
|||
|
||||
Provides the ID of the VPC the subnet is in.
|
||||
|
||||
describe aws_vpc_subnet(subnet_id: 'subnet-12345678') do
|
||||
describe aws_subnet(subnet_id: 'subnet-12345678') do
|
||||
it { should be_mapping_public_ip_on_launch }
|
||||
end
|
||||
|
||||
|
@ -86,7 +86,7 @@ Provides the ID of the VPC the subnet is in.
|
|||
|
||||
Provides the Availability Zone of the subnet.
|
||||
|
||||
describe aws_vpc_subnet(subnet_id: 'subnet-12345678') do
|
||||
describe aws_subnet(subnet_id: 'subnet-12345678') do
|
||||
its('availability_zone') { should eq 'us-east-1c' }
|
||||
end
|
||||
|
||||
|
@ -94,7 +94,7 @@ Provides the Availability Zone of the subnet.
|
|||
|
||||
Provides the number of available IPv4 addresses on the subnet.
|
||||
|
||||
describe aws_vpc_subnet(subnet_id: 'subnet-12345678') do
|
||||
describe aws_subnet(subnet_id: 'subnet-12345678') do
|
||||
its('available_ip_address_count') { should eq 251 }
|
||||
end
|
||||
|
||||
|
@ -102,7 +102,7 @@ Provides the number of available IPv4 addresses on the subnet.
|
|||
|
||||
Provides the block of ip addresses specified to the subnet.
|
||||
|
||||
describe aws_vpc_subnet(subnet_id: 'subnet-12345678') do
|
||||
describe aws_subnet(subnet_id: 'subnet-12345678') do
|
||||
its('cidr_block') { should eq '10.0.1.0/24' }
|
||||
end
|
||||
|
||||
|
@ -110,7 +110,7 @@ Provides the block of ip addresses specified to the subnet.
|
|||
|
||||
Provides the ID of the Subnet.
|
||||
|
||||
describe aws_vpc_subnet(subnet_id: 'subnet-12345678') do
|
||||
describe aws_subnet(subnet_id: 'subnet-12345678') do
|
||||
its('subnet_id') { should eq 'subnet-12345678' }
|
||||
end
|
||||
|
||||
|
@ -118,6 +118,6 @@ Provides the ID of the Subnet.
|
|||
|
||||
Provides the ID of the VPC the subnet is in.
|
||||
|
||||
describe aws_vpc_subnet(subnet_id: 'subnet-12345678') do
|
||||
describe aws_subnet(subnet_id: 'subnet-12345678') do
|
||||
its('vpc_id') { should eq 'vpc-12345678' }
|
||||
end
|
|
@ -1,10 +1,10 @@
|
|||
---
|
||||
title: About the aws_vpc_subnets Resource
|
||||
title: About the aws_subnets Resource
|
||||
---
|
||||
|
||||
# aws_vpc_subnets
|
||||
# aws_subnets
|
||||
|
||||
Use the `aws_vpc_subnets` InSpec audit resource to test properties of some or all subnets.
|
||||
Use the `aws_subnets` InSpec audit resource to test properties of some or all subnets.
|
||||
|
||||
Subnets are networks within a VPC that can have their own block of IP address's and ACL's.
|
||||
VPCs span across all availability zones in AWS, while a subnet in a VPC can only span a single availability zone.
|
||||
|
@ -14,10 +14,10 @@ Separating IP addresses allows for protection if there is a failure in one avail
|
|||
|
||||
## Syntax
|
||||
|
||||
An `aws_vpc_subnets` resource block uses an optional filter to select a group of subnets and then tests that group.
|
||||
An `aws_subnets` resource block uses an optional filter to select a group of subnets and then tests that group.
|
||||
|
||||
# Test all subnets within a single vpc
|
||||
describe aws_vpc_subnets.where(vpc_id: 'vpc-12345678') do
|
||||
describe aws_subnets.where(vpc_id: 'vpc-12345678') do
|
||||
its('subnet_ids') { should include 'subnet-12345678' }
|
||||
its('subnet_ids') { should include 'subnet-98765432' }
|
||||
end
|
||||
|
@ -28,7 +28,7 @@ An `aws_vpc_subnets` resource block uses an optional filter to select a group of
|
|||
|
||||
The following examples show how to use this InSpec audit resource.
|
||||
|
||||
As this is the initial release of `aws_vpc_subnets`, its limited functionality precludes examples.
|
||||
As this is the initial release of `aws_subnets`, its limited functionality precludes examples.
|
||||
|
||||
<br>
|
||||
|
||||
|
@ -39,12 +39,12 @@ As this is the initial release of `aws_vpc_subnets`, its limited functionality p
|
|||
The control will pass if the filter returns at least one result. Use should_not if you expect zero matches.
|
||||
|
||||
# You dont always have subnets, so you can test if there are any.
|
||||
describe aws_vpc_subnets
|
||||
describe aws_subnets
|
||||
it { should exist }
|
||||
end
|
||||
|
||||
# Test that there are subnets in a vpc
|
||||
describe aws_vpc_subnets.where(vpc_id: 'vpc-12345678')
|
||||
describe aws_subnets.where(vpc_id: 'vpc-12345678')
|
||||
it { should exist }
|
||||
end
|
||||
|
||||
|
@ -55,7 +55,7 @@ The control will pass if the filter returns at least one result. Use should_not
|
|||
A string identifying the VPC which may or may not contain subnets.
|
||||
|
||||
# Look for all subnts within a vpc.
|
||||
describe aws_vpc_subnets.where( vpc_id: 'vpc-12345678') do
|
||||
describe aws_subnets.where( vpc_id: 'vpc-12345678') do
|
||||
its('subnet_ids') { should include 'subnet-12345678' }
|
||||
its('subnet_ids') { should include 'subnet-98765432' }
|
||||
end
|
||||
|
@ -65,7 +65,7 @@ A string identifying the VPC which may or may not contain subnets.
|
|||
A string identifying a specific subnet.
|
||||
|
||||
# Examine a specific subnet
|
||||
describe aws_vpc_subnets.where(subnet_id: 'subnet-12345678') do
|
||||
describe aws_subnets.where(subnet_id: 'subnet-12345678') do
|
||||
its('cidr_blocks') { should eq ['10.0.1.0/24'] }
|
||||
end
|
||||
|
||||
|
@ -77,7 +77,7 @@ A string identifying a specific subnet.
|
|||
Provides a string that contains the cidr block of ip addresses that can be given in the subnet.
|
||||
|
||||
# Examine a specific subnets cidr_blocks
|
||||
describe aws_vpc_subnets.where( subnet_id: 'subnet-12345678') do
|
||||
describe aws_subnets.where( subnet_id: 'subnet-12345678') do
|
||||
its('cidr_blocks') { should eq ['10.0.1.0/24'] }
|
||||
end
|
||||
|
||||
|
@ -86,7 +86,7 @@ Provides a string that contains the cidr block of ip addresses that can be given
|
|||
Provides an array containing a string of the vpc_id associated with a subnet.
|
||||
|
||||
# Examine a specific subnets VPC IDS
|
||||
describe aws_vpc_subnets.where( subnet_id: 'subnet-12345678') do
|
||||
describe aws_subnets.where( subnet_id: 'subnet-12345678') do
|
||||
its('vpc_ids') { should include 'vpc-12345678' }
|
||||
end
|
||||
|
||||
|
@ -95,7 +95,7 @@ Provides an array containing a string of the vpc_id associated with a subnet.
|
|||
Provides an array of strings containing the subnet IDs associated with a vpc.
|
||||
|
||||
# Examine a specific vpcs Subnet IDs
|
||||
describe aws_vpc_subnets.where( vpc_id: 'vpc-12345678') do
|
||||
describe aws_subnets.where( vpc_id: 'vpc-12345678') do
|
||||
its('subnet_ids') { should include 'subnet-12345678' }
|
||||
its('subnet_ids') { should include 'subnet-98765432' }
|
||||
end
|
||||
|
@ -105,6 +105,6 @@ Provides an array of strings containing the subnet IDs associated with a vpc.
|
|||
Provides an array of strings including whether the subnets are available or not.
|
||||
|
||||
# Examine a specific vpcs Subnet IDs
|
||||
describe aws_vpc_subnets.where( vpc_id: 'vpc-12345678') do
|
||||
describe aws_subnets.where( vpc_id: 'vpc-12345678') do
|
||||
its('states') { should_not include 'pending' }
|
||||
end
|
|
@ -1,10 +1,10 @@
|
|||
require '_aws'
|
||||
|
||||
class AwsEc2SecurityGroup < Inspec.resource(1)
|
||||
name 'aws_ec2_security_group'
|
||||
class AwsSecurityGroup < Inspec.resource(1)
|
||||
name 'aws_security_group'
|
||||
desc 'Verifies settings for an individual AWS Security Group.'
|
||||
example '
|
||||
describe aws_ec2_security_group("sg-12345678") do
|
||||
describe aws_security_group("sg-12345678") do
|
||||
it { should exist }
|
||||
end
|
||||
'
|
||||
|
@ -31,17 +31,17 @@ class AwsEc2SecurityGroup < Inspec.resource(1)
|
|||
recognized_params[:group_id] = recognized_params.delete(:id) if recognized_params.key?(:id)
|
||||
|
||||
if recognized_params.key?(:group_id) && recognized_params[:group_id] !~ /^sg\-[0-9a-f]{8}/
|
||||
raise ArgumentError, 'aws_ec2_security_group security group ID must be in the format "sg-" followed by 8 hexadecimal characters.'
|
||||
raise ArgumentError, 'aws_security_group security group ID must be in the format "sg-" followed by 8 hexadecimal characters.'
|
||||
end
|
||||
|
||||
if recognized_params.key?(:vpc_id) && recognized_params[:vpc_id] !~ /^vpc\-[0-9a-f]{8}/
|
||||
raise ArgumentError, 'aws_ec2_security_group VPC ID must be in the format "vpc-" followed by 8 hexadecimal characters.'
|
||||
raise ArgumentError, 'aws_security_group VPC ID must be in the format "vpc-" followed by 8 hexadecimal characters.'
|
||||
end
|
||||
|
||||
validated_params = recognized_params
|
||||
|
||||
if validated_params.empty?
|
||||
raise ArgumentError, 'You must provide parameters to aws_ec2_security_group, such as group_name, group_id, or vpc_id.g_group.'
|
||||
raise ArgumentError, 'You must provide parameters to aws_security_group, such as group_name, group_id, or vpc_id.g_group.'
|
||||
end
|
||||
validated_params
|
||||
end
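Review bot: The ID checks kept in this hunk, `recognized_params[:group_id] !~ /^sg\-[0-9a-f]{8}/` and the matching `vpc-` test, anchor only the start of a line and nothing after the eighth hex digit, so a value such as `sg-12345678x`, or a multi-line string with one valid-looking line, passes validation; the `subnet-` check in the aws_subnet resource later in this commit has the same shape. A mistyped ID then reaches the lookup, presumably matches nothing, and a control written as `it { should_not exist }` passes without having examined any real group. Anchoring the whole string would close that, e.g. `!~ /\Asg-(?:[0-9a-f]{8}|[0-9a-f]{17})\z/`, where the 17-character alternative keeps AWS's longer resource IDs working (the current pattern admits them only because it has no end anchor) and the error text would need to mention both lengths. Separately, the renamed message still ends in `vpc_id.g_group.`, which reads like paste residue and should probably be `vpc_id.`. The enclosing method starts outside the hunk.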
|
|
@ -1,16 +1,16 @@
|
|||
require '_aws'
|
||||
|
||||
class AwsEc2SecurityGroups < Inspec.resource(1)
|
||||
name 'aws_ec2_security_groups'
|
||||
class AwsSecurityGroups < Inspec.resource(1)
|
||||
name 'aws_security_groups'
|
||||
desc 'Verifies settings for AWS Security Groups in bulk'
|
||||
example <<-EOX
|
||||
# Verify that you have security groups defined
|
||||
describe aws_ec2_security_groups do
|
||||
describe aws_security_groups do
|
||||
it { should exist }
|
||||
end
|
||||
|
||||
# Verify you have more than the default security group
|
||||
describe aws_ec2_security_groups do
|
||||
describe aws_security_groups do
|
||||
its('entries.count') { should be > 1 }
|
||||
end
|
||||
EOX
|
|
@ -2,11 +2,11 @@
|
|||
|
||||
require '_aws'
|
||||
|
||||
class AwsVpcSubnet < Inspec.resource(1)
|
||||
name 'aws_vpc_subnet'
|
||||
class AwsSubnet < Inspec.resource(1)
|
||||
name 'aws_subnet'
|
||||
desc 'This resource is used to test the attributes of a VPC subnet'
|
||||
example "
|
||||
describe aws_vpc_subnet(subnet_id: 'subnet-12345678') do
|
||||
describe aws_subnet(subnet_id: 'subnet-12345678') do
|
||||
it { should exist }
|
||||
its('cidr_block') { should eq '10.0.1.0/24' }
|
||||
end
|
||||
|
@ -38,11 +38,11 @@ class AwsVpcSubnet < Inspec.resource(1)
|
|||
|
||||
# Make sure the subnet_id parameter was specified and in the correct form.
|
||||
if validated_params.key?(:subnet_id) && validated_params[:subnet_id] !~ /^subnet\-[0-9a-f]{8}/
|
||||
raise ArgumentError, 'aws_vpc_subnet Subnet ID must be in the format "subnet-" followed by 8 hexadecimal characters.'
|
||||
raise ArgumentError, 'aws_subnet Subnet ID must be in the format "subnet-" followed by 8 hexadecimal characters.'
|
||||
end
|
||||
|
||||
if validated_params.empty?
|
||||
raise ArgumentError, 'You must provide a subnet_id to aws_vpc_subnet.'
|
||||
raise ArgumentError, 'You must provide a subnet_id to aws_subnet.'
|
||||
end
|
||||
|
||||
validated_params
|
|
@ -1,11 +1,11 @@
|
|||
require '_aws'
|
||||
|
||||
class AwsVpcSubnets < Inspec.resource(1)
|
||||
name 'aws_vpc_subnets'
|
||||
class AwsSubnets < Inspec.resource(1)
|
||||
name 'aws_subnets'
|
||||
desc 'Verifies settings for VPC Subnets in bulk'
|
||||
example "
|
||||
# you should be able to test the cidr_block of a subnet
|
||||
describe aws_vpc_subnets.where(vpc_id: 'vpc-123456789') do
|
||||
describe aws_subnets.where(vpc_id: 'vpc-123456789') do
|
||||
its('subnet_ids') { should eq ['subnet-12345678', 'subnet-87654321'] }
|
||||
its('cidr_blocks') { should eq ['172.31.96.0/20'] }
|
||||
its('states') { should_not include 'pending' }
|
|
@ -12,28 +12,28 @@ fixtures = {}
|
|||
)
|
||||
end
|
||||
|
||||
control "aws_ec2_security_group recall of default VPC" do
|
||||
control "aws_security_group recall of default VPC" do
|
||||
|
||||
describe aws_ec2_security_group(fixtures['ec2_security_group_default_group_id']) do
|
||||
describe aws_security_group(fixtures['ec2_security_group_default_group_id']) do
|
||||
it { should exist }
|
||||
end
|
||||
|
||||
describe aws_ec2_security_group(group_name: 'default', vpc_id: fixtures['ec2_security_group_default_vpc_id']) do
|
||||
describe aws_security_group(group_name: 'default', vpc_id: fixtures['ec2_security_group_default_vpc_id']) do
|
||||
it { should exist }
|
||||
end
|
||||
|
||||
describe aws_ec2_security_group(group_name: 'no-such-security-group') do
|
||||
describe aws_security_group(group_name: 'no-such-security-group') do
|
||||
it { should_not exist }
|
||||
end
|
||||
end
|
||||
|
||||
control "aws_ec2_security_group properties" do
|
||||
control "aws_security_group properties" do
|
||||
# You should be able to find the default security group's ID.
|
||||
describe aws_ec2_security_group(fixtures['ec2_security_group_default_group_id']) do
|
||||
describe aws_security_group(fixtures['ec2_security_group_default_group_id']) do
|
||||
its('group_id') { should cmp fixtures['ec2_security_group_default_group_id'] }
|
||||
end
|
||||
|
||||
describe aws_ec2_security_group(fixtures['ec2_security_group_alpha_group_id']) do
|
||||
describe aws_security_group(fixtures['ec2_security_group_alpha_group_id']) do
|
||||
its('group_name') { should cmp fixtures['ec2_security_group_alpha_group_name'] }
|
||||
its('vpc_id') { should cmp fixtures['ec2_security_group_default_vpc_id'] }
|
||||
its('description') { should cmp 'SG alpha' }
|
|
@ -11,7 +11,7 @@ fixtures = {}
|
|||
end
|
||||
|
||||
control "aws_security_groups client-side filtering" do
|
||||
all_groups = aws_ec2_security_groups
|
||||
all_groups = aws_security_groups
|
||||
|
||||
# You should always have at least one security group
|
||||
describe all_groups do
|
||||
|
@ -37,14 +37,14 @@ end
|
|||
|
||||
control "aws_security_groups properties" do
|
||||
# You should be able to find the default security group's ID.
|
||||
describe aws_ec2_security_groups.where(vpc_id: fixtures['ec2_security_group_default_vpc_id']) do
|
||||
describe aws_security_groups.where(vpc_id: fixtures['ec2_security_group_default_vpc_id']) do
|
||||
its('group_ids') { should include fixtures['ec2_security_group_default_group_id'] }
|
||||
end
|
||||
end
|
||||
|
||||
control "aws_ec2_security_groups" do
|
||||
control "aws_security_groups" do
|
||||
# Verify you have more than the default security group
|
||||
describe aws_ec2_security_groups do
|
||||
describe aws_security_groups do
|
||||
its('entries.count') { should be >= 2 }
|
||||
end
|
||||
end
|
|
@ -10,24 +10,24 @@ fixtures = {}
|
|||
)
|
||||
end
|
||||
|
||||
control "aws_vpc_subnet recall of subnet_01" do
|
||||
control "aws_subnet recall of subnet_01" do
|
||||
# Test hash given subnet_id
|
||||
describe aws_vpc_subnet(subnet_id: fixtures['ec2_default_vpc_subnet_01_id']) do
|
||||
describe aws_subnet(subnet_id: fixtures['ec2_default_vpc_subnet_01_id']) do
|
||||
it { should exist }
|
||||
end
|
||||
|
||||
# Test scalar works
|
||||
describe aws_vpc_subnet(fixtures['ec2_default_vpc_subnet_01_id']) do
|
||||
describe aws_subnet(fixtures['ec2_default_vpc_subnet_01_id']) do
|
||||
it { should exist }
|
||||
end
|
||||
|
||||
describe aws_vpc_subnet(subnet_id: 'subnet-00000000') do
|
||||
describe aws_subnet(subnet_id: 'subnet-00000000') do
|
||||
it { should_not exist }
|
||||
end
|
||||
end
|
||||
|
||||
control "aws_vpc_subnet properties of subnet_01" do
|
||||
describe aws_vpc_subnet(subnet_id: fixtures['ec2_default_vpc_subnet_01_id']) do
|
||||
control "aws_subnet properties of subnet_01" do
|
||||
describe aws_subnet(subnet_id: fixtures['ec2_default_vpc_subnet_01_id']) do
|
||||
its('vpc_id') { should eq fixtures['ec2_security_group_default_vpc_id'] }
|
||||
its('subnet_id') { should eq fixtures['ec2_default_vpc_subnet_01_id'] }
|
||||
its('cidr_block') { should eq '172.31.96.0/20' }
|
||||
|
@ -37,8 +37,8 @@ control "aws_vpc_subnet properties of subnet_01" do
|
|||
end
|
||||
end
|
||||
|
||||
control "aws_vpc_subnet matchers of subnet_01" do
|
||||
describe aws_vpc_subnet(subnet_id: fixtures['ec2_default_vpc_subnet_01_id']) do
|
||||
control "aws_subnet matchers of subnet_01" do
|
||||
describe aws_subnet(subnet_id: fixtures['ec2_default_vpc_subnet_01_id']) do
|
||||
it { should be_available }
|
||||
it { should_not be_mapping_public_ip_on_launch }
|
||||
it { should_not be_default_for_az }
|
|
@ -10,8 +10,8 @@ fixtures = {}
|
|||
)
|
||||
end
|
||||
|
||||
control "aws_vpc_subnets recall" do
|
||||
all_subnets = aws_vpc_subnets
|
||||
control "aws_subnets recall" do
|
||||
all_subnets = aws_subnets
|
||||
|
||||
# You should be able to get a specific subnet given its id
|
||||
describe all_subnets.where(subnet_id: fixtures['ec2_default_vpc_subnet_id']) do
|
||||
|
@ -32,17 +32,17 @@ control "aws_vpc_subnets recall" do
|
|||
end
|
||||
end
|
||||
|
||||
control "aws_vpc_subnets properties of default VPC subnet" do
|
||||
control "aws_subnets properties of default VPC subnet" do
|
||||
# you should be able to test the cidr_block of a subnet
|
||||
describe aws_vpc_subnets.where(subnet_id: fixtures['ec2_default_vpc_subnet_id']) do
|
||||
describe aws_subnets.where(subnet_id: fixtures['ec2_default_vpc_subnet_id']) do
|
||||
its('cidr_blocks') { should include '172.31.96.0/20' }
|
||||
its('states') { should_not include 'pending' }
|
||||
end
|
||||
end
|
||||
|
||||
control "aws_vpc_subnets properties of default VPC" do
|
||||
control "aws_subnets properties of default VPC" do
|
||||
# you should be able to test the cidr_block of a subnet
|
||||
describe aws_vpc_subnets.where(vpc_id: fixtures['ec2_security_group_default_vpc_id']) do
|
||||
describe aws_subnets.where(vpc_id: fixtures['ec2_security_group_default_vpc_id']) do
|
||||
its('cidr_blocks') { should include '172.31.96.0/20' }
|
||||
its('states') { should include 'available' }
|
||||
end
|
|
@ -1,6 +1,6 @@
|
|||
require 'ostruct'
|
||||
require 'helper'
|
||||
require 'aws_ec2_security_group'
|
||||
require 'aws_security_group'
|
||||
|
||||
# MESGSB = MockEc2SecurityGroupSingleBackend
|
||||
# Abbreviation not used outside this file
|
||||
|
@ -8,17 +8,17 @@ require 'aws_ec2_security_group'
|
|||
#=============================================================================#
|
||||
# Constructor Tests
|
||||
#=============================================================================#
|
||||
class AwsESGSConstructor < Minitest::Test
|
||||
class AwsSGSConstructor < Minitest::Test
|
||||
def setup
|
||||
AwsEc2SecurityGroup::BackendFactory.select(AwsMESGSB::Empty)
|
||||
AwsSecurityGroup::BackendFactory.select(AwsMESGSB::Empty)
|
||||
end
|
||||
|
||||
def test_constructor_no_args_raises
|
||||
assert_raises(ArgumentError) { AwsEc2SecurityGroup.new }
|
||||
assert_raises(ArgumentError) { AwsSecurityGroup.new }
|
||||
end
|
||||
|
||||
def test_constructor_accept_scalar_param
|
||||
AwsEc2SecurityGroup.new('sg-12345678')
|
||||
AwsSecurityGroup.new('sg-12345678')
|
||||
end
|
||||
|
||||
def test_constructor_expected_well_formed_args
|
||||
|
@ -28,7 +28,7 @@ class AwsESGSConstructor < Minitest::Test
|
|||
vpc_id: 'vpc-1234abcd',
|
||||
group_name: 'some-group',
|
||||
}.each do |param, value|
|
||||
AwsEc2SecurityGroup.new(param => value)
|
||||
AwsSecurityGroup.new(param => value)
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -38,12 +38,12 @@ class AwsESGSConstructor < Minitest::Test
|
|||
group_id: '1234abcd',
|
||||
vpc_id: 'vpc_1234abcd',
|
||||
}.each do |param, value|
|
||||
assert_raises(ArgumentError) { AwsEc2SecurityGroup.new(param => value) }
|
||||
assert_raises(ArgumentError) { AwsSecurityGroup.new(param => value) }
|
||||
end
|
||||
end
|
||||
|
||||
def test_constructor_reject_unknown_resource_params
|
||||
assert_raises(ArgumentError) { AwsEc2SecurityGroup.new(beep: 'boop') }
|
||||
assert_raises(ArgumentError) { AwsSecurityGroup.new(beep: 'boop') }
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -51,29 +51,29 @@ end
|
|||
# Properties
|
||||
#=============================================================================#
|
||||
|
||||
class AwsESGSProperties < Minitest::Test
|
||||
class AwsSGSProperties < Minitest::Test
|
||||
def setup
|
||||
AwsEc2SecurityGroup::BackendFactory.select(AwsMESGSB::Basic)
|
||||
AwsSecurityGroup::BackendFactory.select(AwsMESGSB::Basic)
|
||||
end
|
||||
|
||||
def test_property_group_id
|
||||
assert_equal('sg-12345678', AwsEc2SecurityGroup.new('sg-12345678').group_id)
|
||||
assert_nil(AwsEc2SecurityGroup.new(group_name: 'my-group').group_id)
|
||||
assert_equal('sg-12345678', AwsSecurityGroup.new('sg-12345678').group_id)
|
||||
assert_nil(AwsSecurityGroup.new(group_name: 'my-group').group_id)
|
||||
end
|
||||
|
||||
def test_property_group_name
|
||||
assert_equal('beta', AwsEc2SecurityGroup.new('sg-12345678').group_name)
|
||||
assert_nil(AwsEc2SecurityGroup.new('sg-87654321').group_name)
|
||||
assert_equal('beta', AwsSecurityGroup.new('sg-12345678').group_name)
|
||||
assert_nil(AwsSecurityGroup.new('sg-87654321').group_name)
|
||||
end
|
||||
|
||||
def test_property_vpc_id
|
||||
assert_equal('vpc-aaaabbbb', AwsEc2SecurityGroup.new('sg-aaaabbbb').vpc_id)
|
||||
assert_nil(AwsEc2SecurityGroup.new('sg-87654321').vpc_id)
|
||||
assert_equal('vpc-aaaabbbb', AwsSecurityGroup.new('sg-aaaabbbb').vpc_id)
|
||||
assert_nil(AwsSecurityGroup.new('sg-87654321').vpc_id)
|
||||
end
|
||||
|
||||
def test_property_description
|
||||
assert_equal('Awesome Group', AwsEc2SecurityGroup.new('sg-12345678').description)
|
||||
assert_nil(AwsEc2SecurityGroup.new('sg-87654321').description)
|
||||
assert_equal('Awesome Group', AwsSecurityGroup.new('sg-12345678').description)
|
||||
assert_nil(AwsSecurityGroup.new('sg-87654321').description)
|
||||
end
|
||||
|
||||
end
|
|
@ -1,48 +1,48 @@
|
|||
require 'ostruct'
|
||||
require 'helper'
|
||||
require 'aws_ec2_security_groups'
|
||||
require 'aws_security_groups'
|
||||
|
||||
# MESGB = MockEc2SecurityGroupBackend
|
||||
# MESGB = MockSecurityGroupBackend
|
||||
# Abbreviation not used outside this file
|
||||
|
||||
#=============================================================================#
|
||||
# Constructor Tests
|
||||
#=============================================================================#
|
||||
class AwsESGConstructor < Minitest::Test
|
||||
class AwsSGConstructor < Minitest::Test
|
||||
def setup
|
||||
AwsEc2SecurityGroups::BackendFactory.select(AwsMESGB::Empty)
|
||||
AwsSecurityGroups::BackendFactory.select(AwsMESGB::Empty)
|
||||
end
|
||||
|
||||
def test_constructor_no_args_ok
|
||||
AwsEc2SecurityGroups.new
|
||||
AwsSecurityGroups.new
|
||||
end
|
||||
|
||||
def test_constructor_reject_unknown_resource_params
|
||||
assert_raises(ArgumentError) { AwsEc2SecurityGroups.new(beep: 'boop') }
|
||||
assert_raises(ArgumentError) { AwsSecurityGroups.new(beep: 'boop') }
|
||||
end
|
||||
end
|
||||
|
||||
#=============================================================================#
|
||||
# Filter Criteria
|
||||
#=============================================================================#
|
||||
class AwsESGFilterCriteria < Minitest::Test
|
||||
class AwsSGFilterCriteria < Minitest::Test
|
||||
def setup
|
||||
AwsEc2SecurityGroups::BackendFactory.select(AwsMESGB::Basic)
|
||||
AwsSecurityGroups::BackendFactory.select(AwsMESGB::Basic)
|
||||
end
|
||||
|
||||
def test_filter_vpc_id
|
||||
hit = AwsEc2SecurityGroups.new.where(vpc_id: 'vpc-12345678')
|
||||
hit = AwsSecurityGroups.new.where(vpc_id: 'vpc-12345678')
|
||||
assert(hit.exists?)
|
||||
|
||||
miss = AwsEc2SecurityGroups.new.where(vpc_id: 'vpc-87654321')
|
||||
miss = AwsSecurityGroups.new.where(vpc_id: 'vpc-87654321')
|
||||
refute(miss.exists?)
|
||||
end
|
||||
|
||||
def test_filter_group_name
|
||||
hit = AwsEc2SecurityGroups.new.where(group_name: 'alpha')
|
||||
hit = AwsSecurityGroups.new.where(group_name: 'alpha')
|
||||
assert(hit.exists?)
|
||||
|
||||
miss = AwsEc2SecurityGroups.new.where(group_name: 'nonesuch')
|
||||
miss = AwsSecurityGroups.new.where(group_name: 'nonesuch')
|
||||
refute(miss.exists?)
|
||||
end
|
||||
|
||||
|
@ -51,13 +51,13 @@ end
|
|||
#=============================================================================#
|
||||
# Properties
|
||||
#=============================================================================#
|
||||
class AwsESGProperties < Minitest::Test
|
||||
class AwsSGProperties < Minitest::Test
|
||||
def setup
|
||||
AwsEc2SecurityGroups::BackendFactory.select(AwsMESGB::Basic)
|
||||
AwsSecurityGroups::BackendFactory.select(AwsMESGB::Basic)
|
||||
end
|
||||
|
||||
def test_property_group_ids
|
||||
basic = AwsEc2SecurityGroups.new
|
||||
basic = AwsSecurityGroups.new
|
||||
assert_kind_of(Array, basic.group_ids)
|
||||
assert(basic.group_ids.include?('sg-aaaabbbb'))
|
||||
refute(basic.group_ids.include?(nil))
|
|
@ -1,6 +1,6 @@
|
|||
# encoding: utf-8
|
||||
require 'helper'
|
||||
require 'aws_vpc_subnet'
|
||||
require 'aws_subnet'
|
||||
|
||||
# MVSSB = MockVpcSubnetSingleBackend
|
||||
# Abbreviation not used outside this file
|
||||
|
@ -8,21 +8,21 @@ require 'aws_vpc_subnet'
|
|||
#=============================================================================#
|
||||
# Constructor Tests
|
||||
#=============================================================================#
|
||||
class AwsVpcSubnetConstructorTest < Minitest::Test
|
||||
class AwsSubnetConstructorTest < Minitest::Test
|
||||
def setup
|
||||
AwsVpcSubnet::BackendFactory.select(AwsMVSSB::Basic)
|
||||
AwsSubnet::BackendFactory.select(AwsMVSSB::Basic)
|
||||
end
|
||||
|
||||
def test_constructor_no_args_raises
|
||||
assert_raises(ArgumentError) { AwsVpcSubnet.new }
|
||||
assert_raises(ArgumentError) { AwsSubnet.new }
|
||||
end
|
||||
|
||||
def test_constructor_expected_well_formed_args
|
||||
AwsVpcSubnet.new(subnet_id: 'subnet-12345678')
|
||||
AwsSubnet.new(subnet_id: 'subnet-12345678')
|
||||
end
|
||||
|
||||
def test_constructor_reject_unknown_resource_params
|
||||
assert_raises(ArgumentError) { AwsVpcSubnet.new(bla: 'blabla') }
|
||||
assert_raises(ArgumentError) { AwsSubnet.new(bla: 'blabla') }
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -30,17 +30,17 @@ end
|
|||
# Recall
|
||||
#=============================================================================#
|
||||
|
||||
class AwsVpcSubnetRecallTest < Minitest::Test
|
||||
class AwsSubnetRecallTest < Minitest::Test
|
||||
def setup
|
||||
AwsVpcSubnet::BackendFactory.select(AwsMVSSB::Basic)
|
||||
AwsSubnet::BackendFactory.select(AwsMVSSB::Basic)
|
||||
end
|
||||
|
||||
def test_search_hit_via_hash_with_vpc_id_and_subnet_id_works
|
||||
assert AwsVpcSubnet.new(subnet_id: 'subnet-12345678').exists?
|
||||
assert AwsSubnet.new(subnet_id: 'subnet-12345678').exists?
|
||||
end
|
||||
|
||||
def test_search_miss_is_not_an_exception
|
||||
refute AwsVpcSubnet.new(subnet_id: 'subnet-00000000').exists?
|
||||
refute AwsSubnet.new(subnet_id: 'subnet-00000000').exists?
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -48,62 +48,62 @@ end
|
|||
# properties
|
||||
#=============================================================================#
|
||||
|
||||
class AwsVpcSubnetPropertiesTest < Minitest::Test
|
||||
class AwsSubnetPropertiesTest < Minitest::Test
|
||||
def setup
|
||||
AwsVpcSubnet::BackendFactory.select(AwsMVSSB::Basic)
|
||||
AwsSubnet::BackendFactory.select(AwsMVSSB::Basic)
|
||||
end
|
||||
|
||||
def test_property_subnet_id
|
||||
assert_equal('subnet-12345678', AwsVpcSubnet.new(subnet_id: 'subnet-12345678').subnet_id)
|
||||
assert_equal('subnet-12345678', AwsSubnet.new(subnet_id: 'subnet-12345678').subnet_id)
|
||||
end
|
||||
|
||||
def test_property_vpc_id
|
||||
assert_equal('vpc-12345678', AwsVpcSubnet.new(subnet_id: 'subnet-12345678').vpc_id)
|
||||
assert_equal('vpc-12345678', AwsSubnet.new(subnet_id: 'subnet-12345678').vpc_id)
|
||||
end
|
||||
|
||||
def test_property_cidr_block
|
||||
assert_equal('10.0.1.0/24', AwsVpcSubnet.new(subnet_id: 'subnet-12345678').cidr_block)
|
||||
assert_nil(AwsVpcSubnet.new(subnet_id: 'subnet-00000000').cidr_block)
|
||||
assert_equal('10.0.1.0/24', AwsSubnet.new(subnet_id: 'subnet-12345678').cidr_block)
|
||||
assert_nil(AwsSubnet.new(subnet_id: 'subnet-00000000').cidr_block)
|
||||
end
|
||||
|
||||
def test_property_availability_zone
|
||||
assert_equal('us-east-1', AwsVpcSubnet.new(subnet_id: 'subnet-12345678').availability_zone)
|
||||
assert_nil(AwsVpcSubnet.new(subnet_id: 'subnet-00000000').availability_zone)
|
||||
assert_equal('us-east-1', AwsSubnet.new(subnet_id: 'subnet-12345678').availability_zone)
|
||||
assert_nil(AwsSubnet.new(subnet_id: 'subnet-00000000').availability_zone)
|
||||
end
|
||||
|
||||
def test_property_available_ip_address_count
|
||||
assert_equal(251, AwsVpcSubnet.new(subnet_id: 'subnet-12345678').available_ip_address_count)
|
||||
assert_nil(AwsVpcSubnet.new(subnet_id: 'subnet-00000000').available_ip_address_count)
|
||||
assert_equal(251, AwsSubnet.new(subnet_id: 'subnet-12345678').available_ip_address_count)
|
||||
assert_nil(AwsSubnet.new(subnet_id: 'subnet-00000000').available_ip_address_count)
|
||||
end
|
||||
|
||||
def test_property_ipv_6_cidr_block_association_set
|
||||
assert_equal([], AwsVpcSubnet.new(subnet_id: 'subnet-12345678').ipv_6_cidr_block_association_set)
|
||||
assert_nil(AwsVpcSubnet.new(subnet_id: 'subnet-00000000').ipv_6_cidr_block_association_set)
|
||||
assert_equal([], AwsSubnet.new(subnet_id: 'subnet-12345678').ipv_6_cidr_block_association_set)
|
||||
assert_nil(AwsSubnet.new(subnet_id: 'subnet-00000000').ipv_6_cidr_block_association_set)
|
||||
end
|
||||
end
|
||||
|
||||
#=============================================================================#
|
||||
# Test Matchers
|
||||
#=============================================================================#
|
||||
class AwsVpcSubnetPropertiesTest < Minitest::Test
|
||||
class AwsSubnetPropertiesTest < Minitest::Test
|
||||
def test_matcher_assign_ipv_6_address_on_creation
|
||||
assert AwsVpcSubnet.new(subnet_id: 'subnet-12345678').assigning_ipv_6_address_on_creation
|
||||
refute AwsVpcSubnet.new(subnet_id: 'subnet-87654321').assigning_ipv_6_address_on_creation
|
||||
assert AwsSubnet.new(subnet_id: 'subnet-12345678').assigning_ipv_6_address_on_creation
|
||||
refute AwsSubnet.new(subnet_id: 'subnet-87654321').assigning_ipv_6_address_on_creation
|
||||
end
|
||||
|
||||
def test_matcher_available
|
||||
assert AwsVpcSubnet.new(subnet_id: 'subnet-12345678').available?
|
||||
refute AwsVpcSubnet.new(subnet_id: 'subnet-87654321').available?
|
||||
assert AwsSubnet.new(subnet_id: 'subnet-12345678').available?
|
||||
refute AwsSubnet.new(subnet_id: 'subnet-87654321').available?
|
||||
end
|
||||
|
||||
def test_matcher_default_for_az
|
||||
assert AwsVpcSubnet.new(subnet_id: 'subnet-12345678').default_for_az?
|
||||
refute AwsVpcSubnet.new(subnet_id: 'subnet-87654321').default_for_az?
|
||||
assert AwsSubnet.new(subnet_id: 'subnet-12345678').default_for_az?
|
||||
refute AwsSubnet.new(subnet_id: 'subnet-87654321').default_for_az?
|
||||
end
|
||||
|
||||
def test_matcher_map_public_ip_on_launch
|
||||
assert AwsVpcSubnet.new(subnet_id: 'subnet-12345678').mapping_public_ip_on_launch
|
||||
refute AwsVpcSubnet.new(subnet_id: 'subnet-87654321').mapping_public_ip_on_launch
|
||||
assert AwsSubnet.new(subnet_id: 'subnet-12345678').mapping_public_ip_on_launch
|
||||
refute AwsSubnet.new(subnet_id: 'subnet-87654321').mapping_public_ip_on_launch
|
||||
end
|
||||
end
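Review bot: The class under the "Test Matchers" banner is declared as `class AwsSubnetPropertiesTest < Minitest::Test`, the same name as the properties test class earlier in this file, so Ruby reopens that class instead of defining a separate one. The matcher tests get a backend only because they share the earlier `setup`, a coupling that is not visible where the matcher tests are defined. Since the rename already touches this line, consider `class AwsSubnetMatchersTest < Minitest::Test` with its own `setup` that calls `AwsSubnet::BackendFactory.select(AwsMVSSB::Basic)`.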
|
||||
|
|
@ -1,6 +1,6 @@
|
|||
require 'ostruct'
|
||||
require 'helper'
|
||||
require 'aws_vpc_subnets'
|
||||
require 'aws_subnets'
|
||||
|
||||
# MVSB = MockVpcSubnetsBackend
|
||||
# Abbreviation not used outside this file
|
||||
|
@ -8,42 +8,42 @@ require 'aws_vpc_subnets'
|
|||
#=============================================================================#
|
||||
# Constructor Tests
|
||||
#=============================================================================#
|
||||
class AwsVpcSubnetsConstructor < Minitest::Test
|
||||
class AwsSubnetsConstructor < Minitest::Test
|
||||
def setup
|
||||
AwsVpcSubnets::BackendFactory.select(AwsMVSB::Basic)
|
||||
AwsSubnets::BackendFactory.select(AwsMVSB::Basic)
|
||||
end
|
||||
|
||||
def test_constructor_no_args_ok
|
||||
AwsVpcSubnets.new
|
||||
AwsSubnets.new
|
||||
end
|
||||
|
||||
def test_constructor_reject_unknown_resource_params
|
||||
assert_raises(ArgumentError) { AwsVpcSubnets.new(bla: 'blabla') }
|
||||
assert_raises(ArgumentError) { AwsSubnets.new(bla: 'blabla') }
|
||||
end
|
||||
end
|
||||
|
||||
#=============================================================================#
|
||||
# Filter Criteria
|
||||
#=============================================================================#
|
||||
class AwsVpcSubnetsFilterCriteria < Minitest::Test
|
||||
class AwsSubnetsFilterCriteria < Minitest::Test
|
||||
def setup
|
||||
AwsVpcSubnets::BackendFactory.select(AwsMVSB::Basic)
|
||||
AwsSubnets::BackendFactory.select(AwsMVSB::Basic)
|
||||
end
|
||||
|
||||
def test_filter_vpc_id
|
||||
hit = AwsVpcSubnets.new.where(vpc_id: 'vpc-01234567')
|
||||
hit = AwsSubnets.new.where(vpc_id: 'vpc-01234567')
|
||||
assert(hit.exists?)
|
||||
|
||||
miss = AwsVpcSubnets.new.where(vpc_id: 'vpc-87654321')
|
||||
miss = AwsSubnets.new.where(vpc_id: 'vpc-87654321')
|
||||
refute(miss.exists?)
|
||||
|
||||
end
|
||||
|
||||
def test_filter_subnet_id
|
||||
hit = AwsVpcSubnets.new.where(subnet_id: 'subnet-01234567')
|
||||
hit = AwsSubnets.new.where(subnet_id: 'subnet-01234567')
|
||||
assert(hit.exists?)
|
||||
|
||||
miss = AwsVpcSubnets.new.where(subnet_id: 'subnet-98765432')
|
||||
miss = AwsSubnets.new.where(subnet_id: 'subnet-98765432')
|
||||
refute(miss.exists?)
|
||||
end
|
||||
|
||||
|
@ -52,34 +52,34 @@ end
|
|||
#=============================================================================#
|
||||
# Properties
|
||||
#=============================================================================#
|
||||
class AwsVpcSubnetProperties < Minitest::Test
|
||||
class AwsSubnetProperties < Minitest::Test
|
||||
def setup
|
||||
AwsVpcSubnets::BackendFactory.select(AwsMVSB::Basic)
|
||||
AwsSubnets::BackendFactory.select(AwsMVSB::Basic)
|
||||
end
|
||||
|
||||
def test_property_vpc_ids
|
||||
basic = AwsVpcSubnets.new
|
||||
basic = AwsSubnets.new
|
||||
assert_kind_of(Array, basic.vpc_ids)
|
||||
assert(basic.vpc_ids.include?('vpc-01234567'))
|
||||
refute(basic.vpc_ids.include?(nil))
|
||||
end
|
||||
|
||||
def test_property_subnet_ids
|
||||
basic = AwsVpcSubnets.new
|
||||
basic = AwsSubnets.new
|
||||
assert_kind_of(Array, basic.subnet_ids)
|
||||
assert(basic.subnet_ids.include?('subnet-01234567'))
|
||||
refute(basic.subnet_ids.include?(nil))
|
||||
end
|
||||
|
||||
def test_property_cidr_blocks
|
||||
basic = AwsVpcSubnets.new
|
||||
basic = AwsSubnets.new
|
||||
assert_kind_of(Array, basic.cidr_blocks)
|
||||
assert(basic.cidr_blocks.include?('10.0.1.0/24'))
|
||||
refute(basic.cidr_blocks.include?(nil))
|
||||
end
|
||||
|
||||
def test_property_states
|
||||
basic = AwsVpcSubnets.new
|
||||
basic = AwsSubnets.new
|
||||
assert_kind_of(Array, basic.states)
|
||||
assert(basic.states.include?('available'))
|
||||
refute(basic.states.include?(nil))
|