inspec/test/integration/default/verify/controls/aws_security_groups.rb
Clinton Wolfe 162335aa60 Move files for rename
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-07 22:56:45 -05:00


# Look up the fixture values the controls below compare against.
# Each name is requested as an InSpec attribute. When no value is supplied,
# the attribute falls back to the literal string "default.<name>".
# The real values presumably come from ../build/ec2.tf -- confirm against
# the build step.
fixture_names = %w[
  ec2_security_group_default_vpc_id
  ec2_security_group_default_group_id
]

fixtures = fixture_names.each_with_object({}) do |fixture_name, resolved|
  resolved[fixture_name] = attribute(
    fixture_name,
    default: "default.#{fixture_name}",
    description: 'See ../build/ec2.tf',
  )
end
# Checks that `where` filtering on aws_ec2_security_groups returns matches
# for criteria expected to exist and nothing for criteria that should not.
# A filter that over- or under-matches would make any compliance control
# built on this resource unreliable, so both directions are asserted.
control "aws_security_groups client-side filtering" do
  # One resource instance is shared by every describe block below.
  security_groups = aws_ec2_security_groups
  default_vpc_id = fixtures['ec2_security_group_default_vpc_id']

  # An account is expected to hold at least one security group.
  describe security_groups do
    it { should exist }
  end

  # Positive case: filtering on the default VPC's ID finds a group.
  describe security_groups.where(vpc_id: default_vpc_id) do
    it { should exist }
  end

  # Negative case: a VPC ID presumed absent from the test account
  # must match nothing.
  describe security_groups.where(vpc_id: 'vpc-12345678') do
    it { should_not exist }
  end

  # Positive case: a group named "default" is found.
  describe security_groups.where(group_name: 'default') do
    it { should exist }
  end

  # Negative case: a group name that should not exist matches nothing.
  describe security_groups.where(group_name: 'no-such-security-group') do
    it { should_not exist }
  end
end
# Checks the `group_ids` property of a filtered result: the groups found in
# the default VPC must include the default security group's ID.
control "aws_security_groups properties" do
  default_vpc_id = fixtures['ec2_security_group_default_vpc_id']
  default_group_id = fixtures['ec2_security_group_default_group_id']

  describe aws_ec2_security_groups.where(vpc_id: default_vpc_id) do
    its('group_ids') { should include default_group_id }
  end
end
# Checks that the unfiltered resource lists at least two entries.
# NOTE(review): the threshold of 2 presumably relies on the test fixtures
# creating at least one group besides the default one -- confirm against
# the build configuration.
control "aws_ec2_security_groups" do
  every_group = aws_ec2_security_groups

  describe every_group do
    its('entries.count') { should be >= 2 }
  end
end