mirror of
https://github.com/inspec/inspec
synced 2024-11-24 05:33:17 +00:00
127 lines
2.8 KiB
Ruby
127 lines
2.8 KiB
Ruby
require '_aws'
|
|
|
|
# author: Christoph Hartmann
|
|
class AwsEc2Instance < Inspec.resource(1)
|
|
name 'aws_ec2_instance'
|
|
desc 'Verifies settings for an EC2 instance'
|
|
|
|
example "
|
|
describe aws_ec2_instance('i-123456') do
|
|
it { should be_running }
|
|
it { should have_roles }
|
|
end
|
|
|
|
describe aws_ec2_instance(name: 'my-instance') do
|
|
it { should be_running }
|
|
it { should have_roles }
|
|
end
|
|
"
|
|
|
|
def initialize(opts, conn = AWSConnection.new)
|
|
@opts = opts
|
|
@opts.is_a?(Hash) ? @display_name = @opts[:name] : @display_name = opts
|
|
@ec2_client = conn.ec2_client
|
|
@ec2_resource = conn.ec2_resource
|
|
@iam_resource = conn.iam_resource
|
|
end
|
|
|
|
def id
|
|
return @instance_id if defined?(@instance_id)
|
|
if @opts.is_a?(Hash)
|
|
first = @ec2_resource.instances(
|
|
{
|
|
filters: [{
|
|
name: 'tag:Name',
|
|
values: [@opts[:name]],
|
|
}],
|
|
},
|
|
).first
|
|
# catch case where the instance is not known
|
|
@instance_id = first.id unless first.nil?
|
|
else
|
|
@instance_id = @opts
|
|
end
|
|
end
|
|
alias instance_id id
|
|
|
|
def exists?
|
|
return false if instance.nil?
|
|
instance.exists?
|
|
end
|
|
|
|
# returns the instance state
|
|
def state
|
|
instance&.state&.name
|
|
end
|
|
|
|
# helper methods for each state
|
|
%w{
|
|
pending running shutting-down
|
|
terminated stopping stopped unknown
|
|
}.each do |state_name|
|
|
define_method state_name.tr('-', '_') + '?' do
|
|
state == state_name
|
|
end
|
|
end
|
|
|
|
# attributes that we want to expose
|
|
%w{
|
|
public_ip_address private_ip_address key_name private_dns_name
|
|
public_dns_name subnet_id architecture root_device_type
|
|
root_device_name virtualization_type client_token launch_time
|
|
instance_type image_id vpc_id
|
|
}.each do |attribute|
|
|
define_method attribute do
|
|
instance.send(attribute) if instance
|
|
end
|
|
end
|
|
|
|
def security_groups
|
|
@security_groups ||= instance.security_groups.map { |sg|
|
|
{ id: sg.group_id, name: sg.group_name }
|
|
}
|
|
end
|
|
|
|
def tags
|
|
@tags ||= instance.tags.map { |tag| { key: tag.key, value: tag.value } }
|
|
end
|
|
|
|
def to_s
|
|
"EC2 Instance #{@display_name}"
|
|
end
|
|
|
|
def has_roles?
|
|
instance_profile = instance.iam_instance_profile
|
|
|
|
if instance_profile
|
|
roles = @iam_resource.instance_profile(
|
|
instance_profile.arn.gsub(%r{^.*\/}, ''),
|
|
).roles
|
|
else
|
|
roles = nil
|
|
end
|
|
|
|
roles && !roles.empty?
|
|
end
|
|
|
|
private
|
|
|
|
def instance
|
|
@instance ||= @ec2_resource.instance(id)
|
|
end
|
|
end
|
|
|
|
# Deprecated
|
|
class AwsEc2 < AwsEc2Instance
|
|
name 'aws_ec2'
|
|
|
|
def initialize(opts, conn = AWSConnection.new)
|
|
deprecated
|
|
super(opts, conn)
|
|
end
|
|
|
|
def deprecated
|
|
warn '[DEPRECATION] `aws_ec2(parameter)` is deprecated. ' \
|
|
'Please use `aws_ec2_instance(parameter)` instead.'
|
|
end
|
|
end
|