Merge branch 'cw/rename-resources' into core-onramp

This commit is contained in:
Clinton Wolfe 2018-02-08 16:59:31 -05:00
commit d696c8b83f
17 changed files with 187 additions and 335 deletions


@ -1,148 +0,0 @@
---
title: About the aws_vpc_subnet Resource
---
# aws_vpc_subnet
Use the `aws_vpc_subnet` InSpec audit resource to test properties of a vpc subnet.
To test properties of a single VPC subnet, use the `aws_vpc_subnet` resource.
To test properties of all or a group of VPC subnets, use the `aws_vpc_subnets` resource.
<br>
## Syntax
An `aws_vpc_subnet` resource block uses the parameter to select a VPC and a subnet in the VPC.
describe aws_vpc_subnet(vpc_id: 'vpc-01234567', subnet_id: 'subnet-1234567') do
it { should exist }
its('cidr_block') { should eq ['10.0.1.0/24'] }
end
<br>
## Resource Parameters
This InSpec resource accepts the following parameters, which are used to search for the VPCs subnet.
### vpc_id
A string identifying the VPC which contains zero or more subnets.
# This will error if there is more than the default SG
describe aws_vpc_subnet(vpc_id: 'vpc-12345678', 'subnet-1234567') do
it { should exist }
end
### subnet_id
A string identifying the subnet that the VPC contains.
# This will error if there is more than the default SG
describe aws_vpc_subnet(vpc_id: 'vpc-12345678', subnet_id: 'subnet-12345678') do
it { should exist }
end
<br>
## Properties
### assign_ipv_6_address_on_creation
Detects whether the network interface on the subnet accepts IPv6 addresses.
describe aws_vpc_subnet(vpc_id: 'vpc-12345678' , subnet_id: 'subnet-12345678') do
its('assign_ipv_6_address_on_creation') { should eq false }
end
### availability_zone
Provides the Availability Zone of the subnet.
describe aws_vpc_subnet(vpc_id: 'vpc-12345678' , subnet_id: 'subnet-12345678') do
its('availability_zone') { should eq 'us-east-1c' }
end
### available_ip_address_count
Provides the number of available IPv4 addresses on the subnet.
describe aws_vpc_subnet(vpc_id: 'vpc-12345678' , subnet_id: 'subnet-12345678') do
its('available_ip_address_count') { should eq 251 }
end
### cidr_block
Provides the block of ip addresses specified to the subnet.
describe aws_vpc_subnet(vpc_id: 'vpc-12345678' , subnet_id: 'subnet-12345678') do
its('cidr_block') { should eq '10.0.1.0/24' }
end
### default_for_az
Detects if this is the default subnet for the Availability Zone.
describe aws_vpc_subnet(vpc_id: 'vpc-12345678' , subnet_id: 'subnet-12345678') do
its('default_for_az') { should eq false }
end
### ipv_6_cidr_block_association_set
Provides information about the IPv6 cidr_block associatied with the subnet.
describe aws_vpc_subnet(vpc_id: 'vpc-12345678' , subnet_id: 'subnet-12345678') do
its('ipv_6_cidr_block_association_set') { should eq [
{
"Ipv6CidrBlock": "2001:db8:1234:a101::/64",
"AssociationId": "subnet-cidr-assoc-30e7e348",
"Ipv6CidrBlockState": {
"State": "ASSOCIATED"
}
}
] }
end
### map_public_ip_on_launch
Provides the ID of the VPC the subnet is in.
describe aws_vpc_subnet(vpc_id: 'vpc-12345678' , subnet_id: 'subnet-12345678') do
its('map_public_ip_on_launch') { should eq false }
end
### state
Provides the ID of the VPC the subnet is in.
describe aws_vpc_subnet(vpc_id: 'vpc-12345678' , subnet_id: 'subnet-12345678') do
its('state') { should eq 'available' }
end
### subnet_id
Provides the ID of the VPC the subnet is in.
describe aws_vpc_subnet(vpc_id: 'vpc-12345678' , subnet_id: 'subnet-12345678') do
its('subnet_id') { should eq 'subnet-12345678' }
end
### vpc_id
Provides the ID of the VPC the subnet is in.
describe aws_vpc_subnet(vpc_id: 'vpc-12345678' , subnet_id: 'subnet-12345678') do
its('vpc_id') { should eq 'vpc-12345678' }
end
## Matchers
### exist
The `exist` matcher indicates that a subnet exists for the specified vpc.
describe aws_vpc_subnet(vpc_id: 'vpc-1234567', subnet_id: 'subnet-12345678') do
it { should exist }
end


@ -1,10 +1,10 @@
---
title: About the aws_ec2_security_group Resource
title: About the aws_security_group Resource
---
# aws_ec2_security_group
# aws_security_group
Use the `aws_ec2_security_group` InSpec audit resource to test detailed properties of an individual Security Group (SG).
Use the `aws_security_group` InSpec audit resource to test detailed properties of an individual Security Group (SG).
SGs are a networking construct which contain ingress and egress rules for network communications. SGs may be attached to EC2 instances, as well as certain other AWS resources. Along with Network Access Control Lists, SGs are one of the two main mechanisms of enforcing network-level security.
@ -12,17 +12,17 @@ SGs are a networking construct which contain ingress and egress rules for networ
## Syntax
An `aws_ec2_security_group` resource block uses resource parameters to search for a Security Group, and then tests that Security Group. If no SGs match, no error is raised, but the `exists` matcher will return `false` and all properties will be `nil`. If more than one SG matches (due to vague search parameters), an error is raised.
An `aws_security_group` resource block uses resource parameters to search for a Security Group, and then tests that Security Group. If no SGs match, no error is raised, but the `exists` matcher will return `false` and all properties will be `nil`. If more than one SG matches (due to vague search parameters), an error is raised.
# Ensure you have a security group with a certain ID
# This is "safe" - SG IDs are unique within an account
describe aws_ec2_security_group('sg-12345678') do
describe aws_security_group('sg-12345678') do
it { should exist }
end
# Ensure you have a security group with a certain ID
# This uses hash syntax
describe aws_ec2_security_group(id: 'sg-12345678') do
describe aws_security_group(id: 'sg-12345678') do
it { should exist }
end
@ -32,7 +32,7 @@ An `aws_ec2_security_group` resource block uses resource parameters to search fo
The following examples show how to use this InSpec audit resource.
As this is the initial release of `aws_ec2_security_group`, its limited functionality precludes examples.
As this is the initial release of `aws_security_group`, its limited functionality precludes examples.
<br>
@ -45,17 +45,17 @@ This InSpec resource accepts the following parameters, which are used to search
The Security Group ID of the Security Group. This is of the format `sg-` followed by 8 hexadecimal characters. The ID is unique within your AWS account; using ID ensures that you will never match more than one SG. The ID is also the default resource parameter, so you may omit the hash syntax.
# Using Hash syntax
describe aws_ec2_security_group(id: 'sg-12345678') do
describe aws_security_group(id: 'sg-12345678') do
it { should exist }
end
# group_id is an alias for id
describe aws_ec2_security_group(group_id: 'sg-12345678') do
describe aws_security_group(group_id: 'sg-12345678') do
it { should exist }
end
# Or omit hash syntax, rely on it being the default parameter
describe aws_ec2_security_group('sg-12345678') do
describe aws_security_group('sg-12345678') do
it { should exist }
end
@ -64,12 +64,12 @@ The Security Group ID of the Security Group. This is of the format `sg-` follow
The string Name of the Security Group. Every VPC has a security group named 'default'. Names are unique within a VPC, but not within an AWS account.
# Get default security group for a certain VPC
describe aws_ec2_security_group(group_name: 'default', vpc_id: vpc_id: 'vpc-12345678') do
describe aws_security_group(group_name: 'default', vpc_id: vpc_id: 'vpc-12345678') do
it { should exist }
end
# This will throw an error if there is a 'backend' SG in more than one VPC.
describe aws_ec2_security_group(group_name: 'backend') do
describe aws_security_group(group_name: 'backend') do
it { should exist }
end
@ -78,7 +78,7 @@ The string Name of the Security Group. Every VPC has a security group named 'de
A string identifying the VPC which contains the security group. Since VPCs commonly contain many SGs, you should add additional parameters to ensure you find exactly one SG.
# This will error if there is more than the default SG
describe aws_ec2_security_group(vpc_id: 'vpc-12345678') do
describe aws_security_group(vpc_id: 'vpc-12345678') do
it { should exist }
end
@ -91,12 +91,12 @@ A string identifying the VPC which contains the security group. Since VPCs comm
The control will pass if the specified SG was found. Use should_not if you want to verify that the specified SG does not exist.
# You will always have at least one SG, the VPC default SG
describe aws_ec2_security_group(group_name: 'default')
describe aws_security_group(group_name: 'default')
it { should exist }
end
# Make sure we don't have any security groups with the name 'nogood'
describe aws_ec2_security_group(group_name: 'nogood')
describe aws_security_group(group_name: 'nogood')
it { should_not exist }
end
@ -107,19 +107,19 @@ The control will pass if the specified SG was found. Use should_not if you want
Provides the Security Group ID.
# Inspect the group ID of the default group
describe aws_ec2_security_group(group_name: 'default', vpc_id: vpc_id: 'vpc-12345678') do
describe aws_security_group(group_name: 'default', vpc_id: vpc_id: 'vpc-12345678') do
its('group_id') { should cmp 'sg-12345678' }
end
# Store the group ID in a Ruby variable for use elsewhere
sg_id = aws_ec2_security_group(group_name: 'default', vpc_id: vpc_id: 'vpc-12345678').group_id
sg_id = aws_security_group(group_name: 'default', vpc_id: vpc_id: 'vpc-12345678').group_id
### group_name
A String reflecting the name that was given to the SG at creation time.
# Inspect the group name of a particular group
describe aws_ec2_security_group('sg-12345678') do
describe aws_security_group('sg-12345678') do
its('group_name') { should cmp 'my_group' }
end
@ -128,7 +128,7 @@ A String reflecting the name that was given to the SG at creation time.
A String reflecting the human-meaningful description that was given to the SG at creation time.
# Require a description of a particular group
describe aws_ec2_security_group('sg-12345678') do
describe aws_security_group('sg-12345678') do
its('description') { should_not be_empty }
end
@ -137,6 +137,6 @@ A String reflecting the human-meaningful description that was given to the SG at
A String in the format 'vpc-' followed by 8 hexadecimal characters reflecting VPC that contains the security group.
# Inspec the VPC ID of a particular group
describe aws_ec2_security_group('sg-12345678') do
describe aws_security_group('sg-12345678') do
its('vpc_id') { should cmp 'vpc-12345678' }
end


@ -1,10 +1,10 @@
---
title: About the aws_ec2_security_groups Resource
title: About the aws_security_groups Resource
---
# aws_ec2_security_groups
# aws_security_groups
Use the `aws_ec2_security_groups` InSpec audit resource to test properties of some or all security groups.
Use the `aws_security_groups` InSpec audit resource to test properties of some or all security groups.
Security groups are a networking construct which contain ingress and egress rules for network communications. Security groups may be attached to EC2 instances, as well as certain other AWS resources. Along with Network Access Control Lists, Security Groups are one of the two main mechanisms of enforcing network-level security.
@ -12,10 +12,10 @@ Security groups are a networking construct which contain ingress and egress rule
## Syntax
An `aws_ec2_security_groups` resource block uses an optional filter to select a group of security groups and then tests that group.
An `aws_security_groups` resource block uses an optional filter to select a group of security groups and then tests that group.
# Verify you have more than the default security group
describe aws_ec2_security_groups do
describe aws_security_groups do
its('entries.count') { should be > 1 }
end
@ -25,7 +25,7 @@ An `aws_ec2_security_groups` resource block uses an optional filter to select a
The following examples show how to use this InSpec audit resource.
As this is the initial release of `aws_ec2_security_groups`, its limited functionality precludes examples.
As this is the initial release of `aws_security_groups`, its limited functionality precludes examples.
<br>
@ -36,7 +36,7 @@ As this is the initial release of `aws_ec2_security_groups`, its limited functio
The control will pass if the filter returns at least one result. Use should_not if you expect zero matches.
# You will always have at least one SG, the VPC default SG
describe aws_ec2_security_groups
describe aws_security_groups
it { should exist }
end
@ -47,7 +47,7 @@ The control will pass if the filter returns at least one result. Use should_not
A string identifying the VPC which contains the security group.
# Look for a particular security group in just one VPC
describe aws_ec2_security_groups.where( vpc_id: 'vpc-12345678') do
describe aws_security_groups.where( vpc_id: 'vpc-12345678') do
its('group_ids') { should include('sg-abcdef12')}
end
@ -56,7 +56,7 @@ A string identifying the VPC which contains the security group.
A string identifying a group. Since groups are contained in VPCs, group names are unique within the AWS account, but not across VPCs.
# Examine the default security group in all VPCs
describe aws_ec2_security_groups.where( group_name: 'default') do
describe aws_security_groups.where( group_name: 'default') do
it { should exist }
end
@ -67,7 +67,7 @@ A string identifying a group. Since groups are contained in VPCs, group names a
Provides a list of all security group IDs matched.
describe aws_ec2_security_groups do
describe aws_security_groups do
its('group_ids') { should include('sg-12345678') }
end
@ -76,6 +76,6 @@ Provides a list of all security group IDs matched.
Provides access to the raw results of the query. This can be useful for checking counts and other advanced operations.
# Allow at most 100 security groups on the account
describe aws_ec2_security_groups do
describe aws_security_groups do
its('entries.count') { should be <= 100}
end


@ -1,22 +1,22 @@
---
title: About the aws_vpc_subnet Resource
title: About the aws_subnet Resource
---
# aws_vpc_subnet
# aws_subnet
Use the `aws_vpc_subnet` InSpec audit resource to test properties of a vpc subnet.
Use the `aws_subnet` InSpec audit resource to test properties of a vpc subnet.
To test properties of a single VPC subnet, use the `aws_vpc_subnet` resource.
To test properties of a single VPC subnet, use the `aws_subnet` resource.
To test properties of all or a group of VPC subnets, use the `aws_vpc_subnets` resource.
To test properties of all or a group of VPC subnets, use the `aws_subnets` resource.
<br>
## Syntax
An `aws_vpc_subnet` resource block uses the parameter to select a VPC and a subnet in the VPC.
An `aws_subnet` resource block uses the parameter to select a VPC and a subnet in the VPC.
describe aws_vpc_subnet(subnet_id: 'subnet-1234567') do
describe aws_subnet(subnet_id: 'subnet-1234567') do
it { should exist }
its('cidr_block') { should eq '10.0.1.0/24' }
end
@ -32,7 +32,7 @@ This InSpec resource accepts the following parameters, which are used to search
A string identifying the subnet that the VPC contains.
# This will error if there is more than the default SG
describe aws_vpc_subnet(subnet_id: 'subnet-12345678') do
describe aws_subnet(subnet_id: 'subnet-12345678') do
it { should exist }
end
@ -44,7 +44,7 @@ A string identifying the subnet that the VPC contains.
Detects whether the network interface on the subnet accepts IPv6 addresses.
describe aws_vpc_subnet(subnet_id: 'subnet-12345678') do
describe aws_subnet(subnet_id: 'subnet-12345678') do
it { should be_assigning_ipv_6_address_on_creation }
end
@ -52,7 +52,7 @@ Detects whether the network interface on the subnet accepts IPv6 addresses.
Provides the current state of the subnet.
describe aws_vpc_subnet(subnet_id: 'subnet-12345678') do
describe aws_subnet(subnet_id: 'subnet-12345678') do
it { should be_available }
end
@ -60,7 +60,7 @@ Provides the current state of the subnet.
Detects if this is the default subnet for the Availability Zone.
describe aws_vpc_subnet(subnet_id: 'subnet-12345678') do
describe aws_subnet(subnet_id: 'subnet-12345678') do
it { should be_default_for_az }
end
@ -68,7 +68,7 @@ Detects if this is the default subnet for the Availability Zone.
The `exist` matcher indicates that a subnet exists for the specified vpc.
describe aws_vpc_subnet(subnet_id: 'subnet-12345678') do
describe aws_subnet(subnet_id: 'subnet-12345678') do
it { should exist }
end
@ -76,7 +76,7 @@ The `exist` matcher indicates that a subnet exists for the specified vpc.
Provides the ID of the VPC the subnet is in.
describe aws_vpc_subnet(subnet_id: 'subnet-12345678') do
describe aws_subnet(subnet_id: 'subnet-12345678') do
it { should be_mapping_public_ip_on_launch }
end
@ -86,7 +86,7 @@ Provides the ID of the VPC the subnet is in.
Provides the Availability Zone of the subnet.
describe aws_vpc_subnet(subnet_id: 'subnet-12345678') do
describe aws_subnet(subnet_id: 'subnet-12345678') do
its('availability_zone') { should eq 'us-east-1c' }
end
@ -94,7 +94,7 @@ Provides the Availability Zone of the subnet.
Provides the number of available IPv4 addresses on the subnet.
describe aws_vpc_subnet(subnet_id: 'subnet-12345678') do
describe aws_subnet(subnet_id: 'subnet-12345678') do
its('available_ip_address_count') { should eq 251 }
end
@ -102,7 +102,7 @@ Provides the number of available IPv4 addresses on the subnet.
Provides the block of ip addresses specified to the subnet.
describe aws_vpc_subnet(subnet_id: 'subnet-12345678') do
describe aws_subnet(subnet_id: 'subnet-12345678') do
its('cidr_block') { should eq '10.0.1.0/24' }
end
@ -110,7 +110,7 @@ Provides the block of ip addresses specified to the subnet.
Provides the ID of the Subnet.
describe aws_vpc_subnet(subnet_id: 'subnet-12345678') do
describe aws_subnet(subnet_id: 'subnet-12345678') do
its('subnet_id') { should eq 'subnet-12345678' }
end
@ -118,6 +118,6 @@ Provides the ID of the Subnet.
Provides the ID of the VPC the subnet is in.
describe aws_vpc_subnet(subnet_id: 'subnet-12345678') do
describe aws_subnet(subnet_id: 'subnet-12345678') do
its('vpc_id') { should eq 'vpc-12345678' }
end


@ -1,10 +1,10 @@
---
title: About the aws_vpc_subnets Resource
title: About the aws_subnets Resource
---
# aws_vpc_subnets
# aws_subnets
Use the `aws_vpc_subnets` InSpec audit resource to test properties of some or all subnets.
Use the `aws_subnets` InSpec audit resource to test properties of some or all subnets.
Subnets are networks within a VPC that can have their own block of IP address's and ACL's.
VPCs span across all availability zones in AWS, while a subnet in a VPC can only span a single availability zone.
@ -14,10 +14,10 @@ Separating IP addresses allows for protection if there is a failure in one avail
## Syntax
An `aws_vpc_subnets` resource block uses an optional filter to select a group of subnets and then tests that group.
An `aws_subnets` resource block uses an optional filter to select a group of subnets and then tests that group.
# Test all subnets within a single vpc
describe aws_vpc_subnets.where(vpc_id: 'vpc-12345678') do
describe aws_subnets.where(vpc_id: 'vpc-12345678') do
its('subnet_ids') { should include 'subnet-12345678' }
its('subnet_ids') { should include 'subnet-98765432' }
end
@ -28,7 +28,7 @@ An `aws_vpc_subnets` resource block uses an optional filter to select a group of
The following examples show how to use this InSpec audit resource.
As this is the initial release of `aws_vpc_subnets`, its limited functionality precludes examples.
As this is the initial release of `aws_subnets`, its limited functionality precludes examples.
<br>
@ -39,12 +39,12 @@ As this is the initial release of `aws_vpc_subnets`, its limited functionality p
The control will pass if the filter returns at least one result. Use should_not if you expect zero matches.
# You dont always have subnets, so you can test if there are any.
describe aws_vpc_subnets
describe aws_subnets
it { should exist }
end
# Test that there are subnets in a vpc
describe aws_vpc_subnets.where(vpc_id: 'vpc-12345678')
describe aws_subnets.where(vpc_id: 'vpc-12345678')
it { should exist }
end
@ -55,7 +55,7 @@ The control will pass if the filter returns at least one result. Use should_not
A string identifying the VPC which may or may not contain subnets.
# Look for all subnts within a vpc.
describe aws_vpc_subnets.where( vpc_id: 'vpc-12345678') do
describe aws_subnets.where( vpc_id: 'vpc-12345678') do
its('subnet_ids') { should include 'subnet-12345678' }
its('subnet_ids') { should include 'subnet-98765432' }
end
@ -65,7 +65,7 @@ A string identifying the VPC which may or may not contain subnets.
A string identifying a specific subnet.
# Examine a specific subnet
describe aws_vpc_subnets.where(subnet_id: 'subnet-12345678') do
describe aws_subnets.where(subnet_id: 'subnet-12345678') do
its('cidr_blocks') { should eq ['10.0.1.0/24'] }
end
@ -77,7 +77,7 @@ A string identifying a specific subnet.
Provides a string that contains the cidr block of ip addresses that can be given in the subnet.
# Examine a specific subnets cidr_blocks
describe aws_vpc_subnets.where( subnet_id: 'subnet-12345678') do
describe aws_subnets.where( subnet_id: 'subnet-12345678') do
its('cidr_blocks') { should eq ['10.0.1.0/24'] }
end
@ -86,7 +86,7 @@ Provides a string that contains the cidr block of ip addresses that can be given
Provides an array containing a string of the vpc_id associated with a subnet.
# Examine a specific subnets VPC IDS
describe aws_vpc_subnets.where( subnet_id: 'subnet-12345678') do
describe aws_subnets.where( subnet_id: 'subnet-12345678') do
its('vpc_ids') { should include 'vpc-12345678' }
end
@ -95,7 +95,7 @@ Provides an array containing a string of the vpc_id associated with a subnet.
Provides an array of strings containing the subnet IDs associated with a vpc.
# Examine a specific vpcs Subnet IDs
describe aws_vpc_subnets.where( vpc_id: 'vpc-12345678') do
describe aws_subnets.where( vpc_id: 'vpc-12345678') do
its('subnet_ids') { should include 'subnet-12345678' }
its('subnet_ids') { should include 'subnet-98765432' }
end
@ -105,6 +105,6 @@ Provides an array of strings containing the subnet IDs associated with a vpc.
Provides an array of strings including whether the subnets are available or not.
# Examine a specific vpcs Subnet IDs
describe aws_vpc_subnets.where( vpc_id: 'vpc-12345678') do
describe aws_subnets.where( vpc_id: 'vpc-12345678') do
its('states') { should_not include 'pending' }
end


@ -1,10 +1,10 @@
require '_aws'
class AwsEc2SecurityGroup < Inspec.resource(1)
name 'aws_ec2_security_group'
class AwsSecurityGroup < Inspec.resource(1)
name 'aws_security_group'
desc 'Verifies settings for an individual AWS Security Group.'
example '
describe aws_ec2_security_group("sg-12345678") do
describe aws_security_group("sg-12345678") do
it { should exist }
end
'
@ -31,17 +31,17 @@ class AwsEc2SecurityGroup < Inspec.resource(1)
recognized_params[:group_id] = recognized_params.delete(:id) if recognized_params.key?(:id)
if recognized_params.key?(:group_id) && recognized_params[:group_id] !~ /^sg\-[0-9a-f]{8}/
raise ArgumentError, 'aws_ec2_security_group security group ID must be in the format "sg-" followed by 8 hexadecimal characters.'
raise ArgumentError, 'aws_security_group security group ID must be in the format "sg-" followed by 8 hexadecimal characters.'
end
if recognized_params.key?(:vpc_id) && recognized_params[:vpc_id] !~ /^vpc\-[0-9a-f]{8}/
raise ArgumentError, 'aws_ec2_security_group VPC ID must be in the format "vpc-" followed by 8 hexadecimal characters.'
raise ArgumentError, 'aws_security_group VPC ID must be in the format "vpc-" followed by 8 hexadecimal characters.'
end
validated_params = recognized_params
if validated_params.empty?
raise ArgumentError, 'You must provide parameters to aws_ec2_security_group, such as group_name, group_id, or vpc_id.g_group.'
raise ArgumentError, 'You must provide parameters to aws_security_group, such as group_name, group_id, or vpc_id.g_group.'
end
validated_params
end
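Review bot: The ID checks at the top of this hunk validate with `^` and no end anchor, so in Ruby (where `^` matches at the start of any line) a value like `"sg-12345678zzz"` or a multi-line string containing a well-formed ID is accepted as well-formed; whole-string validation needs `\A`…`\z`, i.e. `recognized_params[:group_id] !~ /\Asg-[0-9a-f]{8}\z/` and `recognized_params[:vpc_id] !~ /\Avpc-[0-9a-f]{8}\z/`. The same anchoring applies to `/^subnet\-[0-9a-f]{8}/` in the aws_subnet hunk below. The renamed message on the last `raise` also carries over the stray `.g_group.` suffix; it should read `'You must provide parameters to aws_security_group, such as group_name, group_id, or vpc_id.'`. The enclosing validation method starts outside the hunk.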


@ -1,16 +1,16 @@
require '_aws'
class AwsEc2SecurityGroups < Inspec.resource(1)
name 'aws_ec2_security_groups'
class AwsSecurityGroups < Inspec.resource(1)
name 'aws_security_groups'
desc 'Verifies settings for AWS Security Groups in bulk'
example <<-EOX
# Verify that you have security groups defined
describe aws_ec2_security_groups do
describe aws_security_groups do
it { should exist }
end
# Verify you have more than the default security group
describe aws_ec2_security_groups do
describe aws_security_groups do
its('entries.count') { should be > 1 }
end
EOX


@ -2,11 +2,11 @@
require '_aws'
class AwsVpcSubnet < Inspec.resource(1)
name 'aws_vpc_subnet'
class AwsSubnet < Inspec.resource(1)
name 'aws_subnet'
desc 'This resource is used to test the attributes of a VPC subnet'
example "
describe aws_vpc_subnet(subnet_id: 'subnet-12345678') do
describe aws_subnet(subnet_id: 'subnet-12345678') do
it { should exist }
its('cidr_block') { should eq '10.0.1.0/24' }
end
@ -38,11 +38,11 @@ class AwsVpcSubnet < Inspec.resource(1)
# Make sure the subnet_id parameter was specified and in the correct form.
if validated_params.key?(:subnet_id) && validated_params[:subnet_id] !~ /^subnet\-[0-9a-f]{8}/
raise ArgumentError, 'aws_vpc_subnet Subnet ID must be in the format "subnet-" followed by 8 hexadecimal characters.'
raise ArgumentError, 'aws_subnet Subnet ID must be in the format "subnet-" followed by 8 hexadecimal characters.'
end
if validated_params.empty?
raise ArgumentError, 'You must provide a subnet_id to aws_vpc_subnet.'
raise ArgumentError, 'You must provide a subnet_id to aws_subnet.'
end
validated_params


@ -1,11 +1,11 @@
require '_aws'
class AwsVpcSubnets < Inspec.resource(1)
name 'aws_vpc_subnets'
class AwsSubnets < Inspec.resource(1)
name 'aws_subnets'
desc 'Verifies settings for VPC Subnets in bulk'
example "
# you should be able to test the cidr_block of a subnet
describe aws_vpc_subnets.where(vpc_id: 'vpc-123456789') do
describe aws_subnets.where(vpc_id: 'vpc-123456789') do
its('subnet_ids') { should eq ['subnet-12345678', 'subnet-87654321'] }
its('cidr_blocks') { should eq ['172.31.96.0/20'] }
its('states') { should_not include 'pending' }


@ -12,28 +12,28 @@ fixtures = {}
)
end
control "aws_ec2_security_group recall of default VPC" do
control "aws_security_group recall of default VPC" do
describe aws_ec2_security_group(fixtures['ec2_security_group_default_group_id']) do
describe aws_security_group(fixtures['ec2_security_group_default_group_id']) do
it { should exist }
end
describe aws_ec2_security_group(group_name: 'default', vpc_id: fixtures['ec2_security_group_default_vpc_id']) do
describe aws_security_group(group_name: 'default', vpc_id: fixtures['ec2_security_group_default_vpc_id']) do
it { should exist }
end
describe aws_ec2_security_group(group_name: 'no-such-security-group') do
describe aws_security_group(group_name: 'no-such-security-group') do
it { should_not exist }
end
end
control "aws_ec2_security_group properties" do
control "aws_security_group properties" do
# You should be able to find the default security group's ID.
describe aws_ec2_security_group(fixtures['ec2_security_group_default_group_id']) do
describe aws_security_group(fixtures['ec2_security_group_default_group_id']) do
its('group_id') { should cmp fixtures['ec2_security_group_default_group_id'] }
end
describe aws_ec2_security_group(fixtures['ec2_security_group_alpha_group_id']) do
describe aws_security_group(fixtures['ec2_security_group_alpha_group_id']) do
its('group_name') { should cmp fixtures['ec2_security_group_alpha_group_name'] }
its('vpc_id') { should cmp fixtures['ec2_security_group_default_vpc_id'] }
its('description') { should cmp 'SG alpha' }


@ -11,7 +11,7 @@ fixtures = {}
end
control "aws_security_groups client-side filtering" do
all_groups = aws_ec2_security_groups
all_groups = aws_security_groups
# You should always have at least one security group
describe all_groups do
@ -37,14 +37,14 @@ end
control "aws_security_groups properties" do
# You should be able to find the default security group's ID.
describe aws_ec2_security_groups.where(vpc_id: fixtures['ec2_security_group_default_vpc_id']) do
describe aws_security_groups.where(vpc_id: fixtures['ec2_security_group_default_vpc_id']) do
its('group_ids') { should include fixtures['ec2_security_group_default_group_id'] }
end
end
control "aws_ec2_security_groups" do
control "aws_security_groups" do
# Verify you have more than the default security group
describe aws_ec2_security_groups do
describe aws_security_groups do
its('entries.count') { should be >= 2 }
end
end


@ -10,24 +10,24 @@ fixtures = {}
)
end
control "aws_vpc_subnet recall of subnet_01" do
control "aws_subnet recall of subnet_01" do
# Test hash given subnet_id
describe aws_vpc_subnet(subnet_id: fixtures['ec2_default_vpc_subnet_01_id']) do
describe aws_subnet(subnet_id: fixtures['ec2_default_vpc_subnet_01_id']) do
it { should exist }
end
# Test scalar works
describe aws_vpc_subnet(fixtures['ec2_default_vpc_subnet_01_id']) do
describe aws_subnet(fixtures['ec2_default_vpc_subnet_01_id']) do
it { should exist }
end
describe aws_vpc_subnet(subnet_id: 'subnet-00000000') do
describe aws_subnet(subnet_id: 'subnet-00000000') do
it { should_not exist }
end
end
control "aws_vpc_subnet properties of subnet_01" do
describe aws_vpc_subnet(subnet_id: fixtures['ec2_default_vpc_subnet_01_id']) do
control "aws_subnet properties of subnet_01" do
describe aws_subnet(subnet_id: fixtures['ec2_default_vpc_subnet_01_id']) do
its('vpc_id') { should eq fixtures['ec2_security_group_default_vpc_id'] }
its('subnet_id') { should eq fixtures['ec2_default_vpc_subnet_01_id'] }
its('cidr_block') { should eq '172.31.96.0/20' }
@ -37,8 +37,8 @@ control "aws_vpc_subnet properties of subnet_01" do
end
end
control "aws_vpc_subnet matchers of subnet_01" do
describe aws_vpc_subnet(subnet_id: fixtures['ec2_default_vpc_subnet_01_id']) do
control "aws_subnet matchers of subnet_01" do
describe aws_subnet(subnet_id: fixtures['ec2_default_vpc_subnet_01_id']) do
it { should be_available }
it { should_not be_mapping_public_ip_on_launch }
it { should_not be_default_for_az }


@ -10,8 +10,8 @@ fixtures = {}
)
end
control "aws_vpc_subnets recall" do
all_subnets = aws_vpc_subnets
control "aws_subnets recall" do
all_subnets = aws_subnets
# You should be able to get a specific subnet given its id
describe all_subnets.where(subnet_id: fixtures['ec2_default_vpc_subnet_id']) do
@ -32,17 +32,17 @@ control "aws_vpc_subnets recall" do
end
end
control "aws_vpc_subnets properties of default VPC subnet" do
control "aws_subnets properties of default VPC subnet" do
# you should be able to test the cidr_block of a subnet
describe aws_vpc_subnets.where(subnet_id: fixtures['ec2_default_vpc_subnet_id']) do
describe aws_subnets.where(subnet_id: fixtures['ec2_default_vpc_subnet_id']) do
its('cidr_blocks') { should include '172.31.96.0/20' }
its('states') { should_not include 'pending' }
end
end
control "aws_vpc_subnets properties of default VPC" do
control "aws_subnets properties of default VPC" do
# you should be able to test the cidr_block of a subnet
describe aws_vpc_subnets.where(vpc_id: fixtures['ec2_security_group_default_vpc_id']) do
describe aws_subnets.where(vpc_id: fixtures['ec2_security_group_default_vpc_id']) do
its('cidr_blocks') { should include '172.31.96.0/20' }
its('states') { should include 'available' }
end


@ -1,6 +1,6 @@
require 'ostruct'
require 'helper'
require 'aws_ec2_security_group'
require 'aws_security_group'
# MESGSB = MockEc2SecurityGroupSingleBackend
# Abbreviation not used outside this file
@ -8,17 +8,17 @@ require 'aws_ec2_security_group'
#=============================================================================#
# Constructor Tests
#=============================================================================#
class AwsESGSConstructor < Minitest::Test
class AwsSGSConstructor < Minitest::Test
def setup
AwsEc2SecurityGroup::BackendFactory.select(AwsMESGSB::Empty)
AwsSecurityGroup::BackendFactory.select(AwsMESGSB::Empty)
end
def test_constructor_no_args_raises
assert_raises(ArgumentError) { AwsEc2SecurityGroup.new }
assert_raises(ArgumentError) { AwsSecurityGroup.new }
end
def test_constructor_accept_scalar_param
AwsEc2SecurityGroup.new('sg-12345678')
AwsSecurityGroup.new('sg-12345678')
end
def test_constructor_expected_well_formed_args
@ -28,7 +28,7 @@ class AwsESGSConstructor < Minitest::Test
vpc_id: 'vpc-1234abcd',
group_name: 'some-group',
}.each do |param, value|
AwsEc2SecurityGroup.new(param => value)
AwsSecurityGroup.new(param => value)
end
end
@ -38,12 +38,12 @@ class AwsESGSConstructor < Minitest::Test
group_id: '1234abcd',
vpc_id: 'vpc_1234abcd',
}.each do |param, value|
assert_raises(ArgumentError) { AwsEc2SecurityGroup.new(param => value) }
assert_raises(ArgumentError) { AwsSecurityGroup.new(param => value) }
end
end
def test_constructor_reject_unknown_resource_params
assert_raises(ArgumentError) { AwsEc2SecurityGroup.new(beep: 'boop') }
assert_raises(ArgumentError) { AwsSecurityGroup.new(beep: 'boop') }
end
end
@ -51,29 +51,29 @@ end
# Properties
#=============================================================================#
class AwsESGSProperties < Minitest::Test
class AwsSGSProperties < Minitest::Test
def setup
AwsEc2SecurityGroup::BackendFactory.select(AwsMESGSB::Basic)
AwsSecurityGroup::BackendFactory.select(AwsMESGSB::Basic)
end
def test_property_group_id
assert_equal('sg-12345678', AwsEc2SecurityGroup.new('sg-12345678').group_id)
assert_nil(AwsEc2SecurityGroup.new(group_name: 'my-group').group_id)
assert_equal('sg-12345678', AwsSecurityGroup.new('sg-12345678').group_id)
assert_nil(AwsSecurityGroup.new(group_name: 'my-group').group_id)
end
def test_property_group_name
assert_equal('beta', AwsEc2SecurityGroup.new('sg-12345678').group_name)
assert_nil(AwsEc2SecurityGroup.new('sg-87654321').group_name)
assert_equal('beta', AwsSecurityGroup.new('sg-12345678').group_name)
assert_nil(AwsSecurityGroup.new('sg-87654321').group_name)
end
def test_property_vpc_id
assert_equal('vpc-aaaabbbb', AwsEc2SecurityGroup.new('sg-aaaabbbb').vpc_id)
assert_nil(AwsEc2SecurityGroup.new('sg-87654321').vpc_id)
assert_equal('vpc-aaaabbbb', AwsSecurityGroup.new('sg-aaaabbbb').vpc_id)
assert_nil(AwsSecurityGroup.new('sg-87654321').vpc_id)
end
def test_property_description
assert_equal('Awesome Group', AwsEc2SecurityGroup.new('sg-12345678').description)
assert_nil(AwsEc2SecurityGroup.new('sg-87654321').description)
assert_equal('Awesome Group', AwsSecurityGroup.new('sg-12345678').description)
assert_nil(AwsSecurityGroup.new('sg-87654321').description)
end
end


@ -1,48 +1,48 @@
require 'ostruct'
require 'helper'
require 'aws_ec2_security_groups'
require 'aws_security_groups'
# MESGB = MockEc2SecurityGroupBackend
# MESGB = MockSecurityGroupBackend
# Abbreviation not used outside this file
#=============================================================================#
# Constructor Tests
#=============================================================================#
class AwsESGConstructor < Minitest::Test
class AwsSGConstructor < Minitest::Test
def setup
AwsEc2SecurityGroups::BackendFactory.select(AwsMESGB::Empty)
AwsSecurityGroups::BackendFactory.select(AwsMESGB::Empty)
end
def test_constructor_no_args_ok
AwsEc2SecurityGroups.new
AwsSecurityGroups.new
end
def test_constructor_reject_unknown_resource_params
assert_raises(ArgumentError) { AwsEc2SecurityGroups.new(beep: 'boop') }
assert_raises(ArgumentError) { AwsSecurityGroups.new(beep: 'boop') }
end
end
#=============================================================================#
# Filter Criteria
#=============================================================================#
class AwsESGFilterCriteria < Minitest::Test
class AwsSGFilterCriteria < Minitest::Test
def setup
AwsEc2SecurityGroups::BackendFactory.select(AwsMESGB::Basic)
AwsSecurityGroups::BackendFactory.select(AwsMESGB::Basic)
end
def test_filter_vpc_id
hit = AwsEc2SecurityGroups.new.where(vpc_id: 'vpc-12345678')
hit = AwsSecurityGroups.new.where(vpc_id: 'vpc-12345678')
assert(hit.exists?)
miss = AwsEc2SecurityGroups.new.where(vpc_id: 'vpc-87654321')
miss = AwsSecurityGroups.new.where(vpc_id: 'vpc-87654321')
refute(miss.exists?)
end
def test_filter_group_name
hit = AwsEc2SecurityGroups.new.where(group_name: 'alpha')
hit = AwsSecurityGroups.new.where(group_name: 'alpha')
assert(hit.exists?)
miss = AwsEc2SecurityGroups.new.where(group_name: 'nonesuch')
miss = AwsSecurityGroups.new.where(group_name: 'nonesuch')
refute(miss.exists?)
end
@ -51,13 +51,13 @@ end
#=============================================================================#
# Properties
#=============================================================================#
class AwsESGProperties < Minitest::Test
class AwsSGProperties < Minitest::Test
def setup
AwsEc2SecurityGroups::BackendFactory.select(AwsMESGB::Basic)
AwsSecurityGroups::BackendFactory.select(AwsMESGB::Basic)
end
def test_property_group_ids
basic = AwsEc2SecurityGroups.new
basic = AwsSecurityGroups.new
assert_kind_of(Array, basic.group_ids)
assert(basic.group_ids.include?('sg-aaaabbbb'))
refute(basic.group_ids.include?(nil))


@ -1,6 +1,6 @@
# encoding: utf-8
require 'helper'
require 'aws_vpc_subnet'
require 'aws_subnet'
# MVSSB = MockVpcSubnetSingleBackend
# Abbreviation not used outside this file
@ -8,21 +8,21 @@ require 'aws_vpc_subnet'
#=============================================================================#
# Constructor Tests
#=============================================================================#
class AwsVpcSubnetConstructorTest < Minitest::Test
class AwsSubnetConstructorTest < Minitest::Test
def setup
AwsVpcSubnet::BackendFactory.select(AwsMVSSB::Basic)
AwsSubnet::BackendFactory.select(AwsMVSSB::Basic)
end
def test_constructor_no_args_raises
assert_raises(ArgumentError) { AwsVpcSubnet.new }
assert_raises(ArgumentError) { AwsSubnet.new }
end
def test_constructor_expected_well_formed_args
AwsVpcSubnet.new(subnet_id: 'subnet-12345678')
AwsSubnet.new(subnet_id: 'subnet-12345678')
end
def test_constructor_reject_unknown_resource_params
assert_raises(ArgumentError) { AwsVpcSubnet.new(bla: 'blabla') }
assert_raises(ArgumentError) { AwsSubnet.new(bla: 'blabla') }
end
end
@ -30,17 +30,17 @@ end
# Recall
#=============================================================================#
class AwsVpcSubnetRecallTest < Minitest::Test
class AwsSubnetRecallTest < Minitest::Test
def setup
AwsVpcSubnet::BackendFactory.select(AwsMVSSB::Basic)
AwsSubnet::BackendFactory.select(AwsMVSSB::Basic)
end
def test_search_hit_via_hash_with_vpc_id_and_subnet_id_works
assert AwsVpcSubnet.new(subnet_id: 'subnet-12345678').exists?
assert AwsSubnet.new(subnet_id: 'subnet-12345678').exists?
end
def test_search_miss_is_not_an_exception
refute AwsVpcSubnet.new(subnet_id: 'subnet-00000000').exists?
refute AwsSubnet.new(subnet_id: 'subnet-00000000').exists?
end
end
@ -48,62 +48,62 @@ end
# properties
#=============================================================================#
class AwsVpcSubnetPropertiesTest < Minitest::Test
class AwsSubnetPropertiesTest < Minitest::Test
def setup
AwsVpcSubnet::BackendFactory.select(AwsMVSSB::Basic)
AwsSubnet::BackendFactory.select(AwsMVSSB::Basic)
end
def test_property_subnet_id
assert_equal('subnet-12345678', AwsVpcSubnet.new(subnet_id: 'subnet-12345678').subnet_id)
assert_equal('subnet-12345678', AwsSubnet.new(subnet_id: 'subnet-12345678').subnet_id)
end
def test_property_vpc_id
assert_equal('vpc-12345678', AwsVpcSubnet.new(subnet_id: 'subnet-12345678').vpc_id)
assert_equal('vpc-12345678', AwsSubnet.new(subnet_id: 'subnet-12345678').vpc_id)
end
def test_property_cidr_block
assert_equal('10.0.1.0/24', AwsVpcSubnet.new(subnet_id: 'subnet-12345678').cidr_block)
assert_nil(AwsVpcSubnet.new(subnet_id: 'subnet-00000000').cidr_block)
assert_equal('10.0.1.0/24', AwsSubnet.new(subnet_id: 'subnet-12345678').cidr_block)
assert_nil(AwsSubnet.new(subnet_id: 'subnet-00000000').cidr_block)
end
def test_property_availability_zone
assert_equal('us-east-1', AwsVpcSubnet.new(subnet_id: 'subnet-12345678').availability_zone)
assert_nil(AwsVpcSubnet.new(subnet_id: 'subnet-00000000').availability_zone)
assert_equal('us-east-1', AwsSubnet.new(subnet_id: 'subnet-12345678').availability_zone)
assert_nil(AwsSubnet.new(subnet_id: 'subnet-00000000').availability_zone)
end
def test_property_available_ip_address_count
assert_equal(251, AwsVpcSubnet.new(subnet_id: 'subnet-12345678').available_ip_address_count)
assert_nil(AwsVpcSubnet.new(subnet_id: 'subnet-00000000').available_ip_address_count)
assert_equal(251, AwsSubnet.new(subnet_id: 'subnet-12345678').available_ip_address_count)
assert_nil(AwsSubnet.new(subnet_id: 'subnet-00000000').available_ip_address_count)
end
def test_property_ipv_6_cidr_block_association_set
assert_equal([], AwsVpcSubnet.new(subnet_id: 'subnet-12345678').ipv_6_cidr_block_association_set)
assert_nil(AwsVpcSubnet.new(subnet_id: 'subnet-00000000').ipv_6_cidr_block_association_set)
assert_equal([], AwsSubnet.new(subnet_id: 'subnet-12345678').ipv_6_cidr_block_association_set)
assert_nil(AwsSubnet.new(subnet_id: 'subnet-00000000').ipv_6_cidr_block_association_set)
end
end
#=============================================================================#
# Test Matchers
#=============================================================================#
class AwsVpcSubnetPropertiesTest < Minitest::Test
class AwsSubnetPropertiesTest < Minitest::Test
def test_matcher_assign_ipv_6_address_on_creation
assert AwsVpcSubnet.new(subnet_id: 'subnet-12345678').assigning_ipv_6_address_on_creation
refute AwsVpcSubnet.new(subnet_id: 'subnet-87654321').assigning_ipv_6_address_on_creation
assert AwsSubnet.new(subnet_id: 'subnet-12345678').assigning_ipv_6_address_on_creation
refute AwsSubnet.new(subnet_id: 'subnet-87654321').assigning_ipv_6_address_on_creation
end
def test_matcher_available
assert AwsVpcSubnet.new(subnet_id: 'subnet-12345678').available?
refute AwsVpcSubnet.new(subnet_id: 'subnet-87654321').available?
assert AwsSubnet.new(subnet_id: 'subnet-12345678').available?
refute AwsSubnet.new(subnet_id: 'subnet-87654321').available?
end
def test_matcher_default_for_az
assert AwsVpcSubnet.new(subnet_id: 'subnet-12345678').default_for_az?
refute AwsVpcSubnet.new(subnet_id: 'subnet-87654321').default_for_az?
assert AwsSubnet.new(subnet_id: 'subnet-12345678').default_for_az?
refute AwsSubnet.new(subnet_id: 'subnet-87654321').default_for_az?
end
def test_matcher_map_public_ip_on_launch
assert AwsVpcSubnet.new(subnet_id: 'subnet-12345678').mapping_public_ip_on_launch
refute AwsVpcSubnet.new(subnet_id: 'subnet-87654321').mapping_public_ip_on_launch
assert AwsSubnet.new(subnet_id: 'subnet-12345678').mapping_public_ip_on_launch
refute AwsSubnet.new(subnet_id: 'subnet-87654321').mapping_public_ip_on_launch
end
end
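Review bot: The "Test Matchers" section reuses the class name `AwsSubnetPropertiesTest` (already declared above under "properties"), so Ruby reopens the earlier class instead of defining a new one; the tests still run, but a failure in a matcher test is reported under the properties class and the second class silently depends on the first one's `setup` selecting `AwsMVSSB::Basic`. Since this commit is already renaming every class in the file, it is the right moment to give the matcher class its own name and its own backend selection, e.g. `class AwsSubnetMatchersTest < Minitest::Test` followed by `def setup; AwsSubnet::BackendFactory.select(AwsMVSSB::Basic); end`. The same collision existed before the rename as `AwsVpcSubnetPropertiesTest`, so this is carried over rather than introduced, but it is worth fixing while the names are in flux.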


@ -1,6 +1,6 @@
require 'ostruct'
require 'helper'
require 'aws_vpc_subnets'
require 'aws_subnets'
# MVSB = MockVpcSubnetsBackend
# Abbreviation not used outside this file
@ -8,42 +8,42 @@ require 'aws_vpc_subnets'
#=============================================================================#
# Constructor Tests
#=============================================================================#
class AwsVpcSubnetsConstructor < Minitest::Test
class AwsSubnetsConstructor < Minitest::Test
def setup
AwsVpcSubnets::BackendFactory.select(AwsMVSB::Basic)
AwsSubnets::BackendFactory.select(AwsMVSB::Basic)
end
def test_constructor_no_args_ok
AwsVpcSubnets.new
AwsSubnets.new
end
def test_constructor_reject_unknown_resource_params
assert_raises(ArgumentError) { AwsVpcSubnets.new(bla: 'blabla') }
assert_raises(ArgumentError) { AwsSubnets.new(bla: 'blabla') }
end
end
#=============================================================================#
# Filter Criteria
#=============================================================================#
class AwsVpcSubnetsFilterCriteria < Minitest::Test
class AwsSubnetsFilterCriteria < Minitest::Test
def setup
AwsVpcSubnets::BackendFactory.select(AwsMVSB::Basic)
AwsSubnets::BackendFactory.select(AwsMVSB::Basic)
end
def test_filter_vpc_id
hit = AwsVpcSubnets.new.where(vpc_id: 'vpc-01234567')
hit = AwsSubnets.new.where(vpc_id: 'vpc-01234567')
assert(hit.exists?)
miss = AwsVpcSubnets.new.where(vpc_id: 'vpc-87654321')
miss = AwsSubnets.new.where(vpc_id: 'vpc-87654321')
refute(miss.exists?)
end
def test_filter_subnet_id
hit = AwsVpcSubnets.new.where(subnet_id: 'subnet-01234567')
hit = AwsSubnets.new.where(subnet_id: 'subnet-01234567')
assert(hit.exists?)
miss = AwsVpcSubnets.new.where(subnet_id: 'subnet-98765432')
miss = AwsSubnets.new.where(subnet_id: 'subnet-98765432')
refute(miss.exists?)
end
@ -52,34 +52,34 @@ end
#=============================================================================#
# Properties
#=============================================================================#
class AwsVpcSubnetProperties < Minitest::Test
class AwsSubnetProperties < Minitest::Test
def setup
AwsVpcSubnets::BackendFactory.select(AwsMVSB::Basic)
AwsSubnets::BackendFactory.select(AwsMVSB::Basic)
end
def test_property_vpc_ids
basic = AwsVpcSubnets.new
basic = AwsSubnets.new
assert_kind_of(Array, basic.vpc_ids)
assert(basic.vpc_ids.include?('vpc-01234567'))
refute(basic.vpc_ids.include?(nil))
end
def test_property_subnet_ids
basic = AwsVpcSubnets.new
basic = AwsSubnets.new
assert_kind_of(Array, basic.subnet_ids)
assert(basic.subnet_ids.include?('subnet-01234567'))
refute(basic.subnet_ids.include?(nil))
end
def test_property_cidr_blocks
basic = AwsVpcSubnets.new
basic = AwsSubnets.new
assert_kind_of(Array, basic.cidr_blocks)
assert(basic.cidr_blocks.include?('10.0.1.0/24'))
refute(basic.cidr_blocks.include?(nil))
end
def test_property_states
basic = AwsVpcSubnets.new
basic = AwsSubnets.new
assert_kind_of(Array, basic.states)
assert(basic.states.include?('available'))
refute(basic.states.include?(nil))