mirror of
https://github.com/inspec/inspec
synced 2025-02-18 23:18:53 +00:00
* Update docs in source to use matcher-style calls, not properties-as-predicates
  Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Main doc file for aws_iam_user
  Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Add documentation for existing resources
  This adds documentation for the following resources, including custom matchers:
  - aws_ec2_instance
  - aws_iam_access_key
  - aws_iam_password_policy
  - aws_iam_root_user
  - aws_iam_users
  Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Fix `aws_iam_users` example (Console + No MFA) (#104)
  Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Correct copypasta
  Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Remove misleading singular matcher information from the plural docs for aws_iam_users
  Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Correct `aws-iam-userss` typo (#105)
  Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Add EC2 instance state info
  Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* test commit
  Signed-off-by: kgarmoe <kgarmoe@chef.io>
* copy edits
  Signed-off-by: kgarmoe <kgarmoe@chef.io>
* Yikes, forgot to save after correcting a merge conflict
  Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
54 lines
1.3 KiB
Ruby
# author: Alex Bedley
# author: Steffanie Freeman
# author: Simon Varlow
# author: Chris Redekop

# InSpec resource that audits a single AWS IAM user: MFA status,
# console password presence, and the user's access keys.
class AwsIamUser < Inspec.resource(1)
  name 'aws_iam_user'
  desc 'Verifies settings for AWS IAM user'
  example "
    describe aws_iam_user(name: 'test_user') do
      it { should have_mfa_enabled }
      it { should_not have_console_password }
    end
  "

  # The providers and the access key factory are injectable, so the
  # resource can be exercised with stand-ins instead of live AWS calls.
  def initialize(
    opts,
    aws_user_provider = AwsIam::UserProvider.new,
    aws_user_details_provider_ini = AwsIam::UserDetailsProviderInitializer.new,
    access_key_factory = AwsIamAccessKeyFactory.new
  )
    # Use a user object passed in opts[:user]; otherwise look it up by name.
    user = opts[:user]
    user = aws_user_provider.user(opts[:name]) if user.nil?
    @aws_user_details_provider = aws_user_details_provider_ini.create(user)
    @access_key_factory = access_key_factory
  end

  # Backs the `have_mfa_enabled` matcher.
  def has_mfa_enabled?
    @aws_user_details_provider.has_mfa_enabled?
  end

  # Backs the `have_console_password` matcher.
  def has_console_password?
    @aws_user_details_provider.has_console_password?
  end

  # Wraps each of the user's access keys in an AwsIamAccessKey resource.
  def access_keys
    @aws_user_details_provider.access_keys.map { |access_key|
      @access_key_factory.create_access_key(access_key)
    }
  end

  def name
    @aws_user_details_provider.name
  end

  def to_s
    "IAM User #{name}"
  end

  # Default factory that builds AwsIamAccessKey resources.
  class AwsIamAccessKeyFactory
    def create_access_key(access_key)
      AwsIamAccessKey.new({ access_key: access_key })
    end
  end
end