mirror of
https://github.com/inspec/inspec
synced 2025-01-07 18:59:09 +00:00
cdfb325ca3
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
360 lines
12 KiB
Ruby
360 lines
12 KiB
Ruby
require "helper"
|
|
require "inspec/resource"
|
|
require "resources/aws/aws_iam_access_keys"
|
|
|
|
require "resource_support/aws"
|
|
|
|
#==========================================================#
|
|
# Constructor Tests #
|
|
#==========================================================#
|
|
|
|
class AwsIamAccessKeysConstructorTest < Minitest::Test
|
|
def setup
|
|
AwsIamAccessKeys::BackendFactory.select(AlwaysEmptyMAKP)
|
|
end
|
|
|
|
def test_bare_constructor_does_not_explode
|
|
AwsIamAccessKeys.new
|
|
end
|
|
end
|
|
|
|
#==========================================================#
|
|
# Filtering Tests #
|
|
#==========================================================#
|
|
|
|
class AwsIamAccessKeysFilterTest < Minitest::Test
|
|
|
|
def test_filter_methods_should_exist
|
|
AwsIamAccessKeys::BackendFactory.select(AlwaysEmptyMAKP)
|
|
resource = AwsIamAccessKeys.new
|
|
%i{where exists?}.each do |meth|
|
|
assert_respond_to(resource, meth)
|
|
end
|
|
end
|
|
|
|
def test_filter_method_where_should_be_chainable
|
|
AwsIamAccessKeys::BackendFactory.select(AlwaysEmptyMAKP)
|
|
resource = AwsIamAccessKeys.new
|
|
assert_respond_to(resource.where, :where)
|
|
end
|
|
|
|
def test_filter_method_exists_should_probe_empty_when_empty
|
|
AwsIamAccessKeys::BackendFactory.select(AlwaysEmptyMAKP)
|
|
resource = AwsIamAccessKeys.new
|
|
refute(resource.exists?)
|
|
end
|
|
|
|
def test_filter_method_exists_should_probe_present_when_present
|
|
AwsIamAccessKeys::BackendFactory.select(BasicMAKP)
|
|
resource = AwsIamAccessKeys.new
|
|
assert(resource.exists?)
|
|
end
|
|
end
|
|
|
|
#==========================================================#
|
|
# Filter Criteria Tests #
|
|
#==========================================================#
|
|
|
|
class AwsIamAccessKeysFilterCriteriaTest < Minitest::Test
|
|
def setup
|
|
# Here we always want no results.
|
|
AwsIamAccessKeys::BackendFactory.select(AlwaysEmptyMAKP)
|
|
@valued_criteria = {
|
|
username: "bob",
|
|
id: "AKIA1234567890ABCDEF",
|
|
access_key_id: "AKIA1234567890ABCDEF",
|
|
}
|
|
end
|
|
|
|
def test_criteria_when_used_in_constructor_with_value
|
|
@valued_criteria.each do |criterion, value|
|
|
AwsIamAccessKeys.new(criterion => value)
|
|
end
|
|
end
|
|
|
|
def test_criteria_when_used_in_where_with_value
|
|
@valued_criteria.each do |criterion, value|
|
|
AwsIamAccessKeys.new.where(criterion => value)
|
|
end
|
|
end
|
|
|
|
# Negative cases
|
|
def test_criteria_when_used_in_constructor_with_bad_criterion
|
|
assert_raises(ArgumentError) do
|
|
AwsIamAccessKeys.new(nope: "some_val")
|
|
end
|
|
end
|
|
|
|
def test_criteria_when_used_in_where_with_bad_criterion
|
|
assert_raises(ArgumentError) do
|
|
AwsIamAccessKeys.new(nope: "some_val")
|
|
end
|
|
end
|
|
|
|
# Identity criterion is allowed based on regex
|
|
def test_identity_criterion_when_used_in_constructor_positive
|
|
AwsIamAccessKeys.new("AKIA1234567890ABCDEF")
|
|
end
|
|
|
|
# Permitted by FilterTable?
|
|
def test_identity_criterion_when_used_in_where_positive
|
|
AwsIamAccessKeys.new.where("AKIA1234567890ABCDEF")
|
|
end
|
|
|
|
def test_identity_criterion_when_used_in_constructor_negative
|
|
assert_raises(RuntimeError) do
|
|
AwsIamAccessKeys.new("NopeAKIA1234567890ABCDEF")
|
|
end
|
|
end
|
|
|
|
# Permitted by FilterTable?
|
|
# def test_identity_criterion_when_used_in_where_negative
|
|
# assert_raises(RuntimeError) do
|
|
# AwsIamAccessKeys.new.where('NopeAKIA1234567890ABCDEF')
|
|
# end
|
|
# end
|
|
end
|
|
|
|
#==========================================================#
|
|
# Property Tests #
|
|
#==========================================================#
|
|
class AwsIamAccessKeysPropertiesTest < Minitest::Test
|
|
def setup
|
|
# Reset back to the basic kit each time.
|
|
AwsIamAccessKeys::BackendFactory.select(BasicMAKP)
|
|
@all_basic = AwsIamAccessKeys.new
|
|
end
|
|
|
|
#----------------------------------------------------------#
|
|
# created_date / created_days_ago / created_hours_ago #
|
|
#----------------------------------------------------------#
|
|
def test_property_created_date
|
|
assert_kind_of(DateTime, @all_basic.entries.first.create_date)
|
|
|
|
arg_filtered = @all_basic.where(create_date: DateTime.parse("2017-10-27T17:58:00Z"))
|
|
assert_equal(1, arg_filtered.entries.count)
|
|
assert arg_filtered.access_key_ids.first.end_with?("BOB")
|
|
|
|
block_filtered = @all_basic.where { create_date.friday? }
|
|
assert_equal(1, block_filtered.entries.count)
|
|
assert block_filtered.access_key_ids.first.end_with?("BOB")
|
|
end
|
|
|
|
def test_property_created_days_ago
|
|
assert_kind_of(Integer, @all_basic.entries.first.created_days_ago)
|
|
|
|
arg_filtered = @all_basic.where(created_days_ago: 9)
|
|
assert_equal(1, arg_filtered.entries.count)
|
|
assert arg_filtered.access_key_ids.first.end_with?("SALLY")
|
|
|
|
block_filtered = @all_basic.where { created_days_ago > 2 }
|
|
assert_equal(2, block_filtered.entries.count)
|
|
end
|
|
|
|
def test_property_created_hours_ago
|
|
assert_kind_of(Integer, @all_basic.entries.first.created_hours_ago)
|
|
|
|
arg_filtered = @all_basic.where(created_hours_ago: 222)
|
|
assert_equal(1, arg_filtered.entries.count)
|
|
assert arg_filtered.access_key_ids.first.end_with?("SALLY")
|
|
|
|
block_filtered = @all_basic.where { created_hours_ago > 100 }
|
|
assert_equal(2, block_filtered.entries.count)
|
|
end
|
|
|
|
#----------------------------------------------------------#
|
|
# created_with_user #
|
|
#----------------------------------------------------------#
|
|
def test_property_created_with_user
|
|
assert_kind_of(TrueClass, @all_basic.entries[0].created_with_user)
|
|
assert_kind_of(FalseClass, @all_basic.entries[1].created_with_user)
|
|
|
|
arg_filtered = @all_basic.where(created_with_user: true)
|
|
assert_equal(2, arg_filtered.entries.count)
|
|
assert arg_filtered.access_key_ids.first.end_with?("BOB")
|
|
|
|
block_filtered = @all_basic.where { created_with_user }
|
|
assert_equal(2, block_filtered.entries.count)
|
|
end
|
|
|
|
#----------------------------------------------------------#
|
|
# active / inactive #
|
|
#----------------------------------------------------------#
|
|
def test_property_active
|
|
assert_kind_of(TrueClass, @all_basic.entries.first.active)
|
|
|
|
arg_filtered = @all_basic.where(active: true)
|
|
assert_equal(2, arg_filtered.entries.count)
|
|
|
|
block_filtered = @all_basic.where { active }
|
|
assert_equal(2, block_filtered.entries.count)
|
|
assert block_filtered.access_key_ids.first.end_with?("BOB")
|
|
end
|
|
|
|
def test_property_inactive
|
|
assert_kind_of(FalseClass, @all_basic.entries.first.inactive)
|
|
|
|
arg_filtered = @all_basic.where(inactive: true)
|
|
assert_equal(1, arg_filtered.entries.count)
|
|
|
|
block_filtered = @all_basic.where { inactive }
|
|
assert_equal(1, block_filtered.entries.count)
|
|
assert block_filtered.access_key_ids.first.end_with?("ROBIN")
|
|
end
|
|
|
|
#-----------------------------------------------------------#
|
|
# last_used_date / last_used_days_ago / last_used_hours_ago #
|
|
#-----------------------------------------------------------#
|
|
def test_property_last_used_date
|
|
assert_kind_of(NilClass, @all_basic.entries[0].last_used_date)
|
|
assert_kind_of(DateTime, @all_basic.entries[1].last_used_date)
|
|
|
|
arg_filtered = @all_basic.where(last_used_date: DateTime.parse("2017-10-27T17:58:00Z"))
|
|
assert_equal(1, arg_filtered.entries.count)
|
|
assert arg_filtered.access_key_ids.first.end_with?("SALLY")
|
|
|
|
block_filtered = @all_basic.where { last_used_date && last_used_date.friday? }
|
|
assert_equal(1, block_filtered.entries.count)
|
|
assert block_filtered.access_key_ids.first.end_with?("SALLY")
|
|
end
|
|
|
|
def test_property_last_used_days_ago
|
|
assert_kind_of(NilClass, @all_basic.entries[0].last_used_days_ago)
|
|
assert_kind_of(Integer, @all_basic.entries[1].last_used_days_ago)
|
|
|
|
arg_filtered = @all_basic.where(last_used_days_ago: 4)
|
|
assert_equal(1, arg_filtered.entries.count)
|
|
assert arg_filtered.access_key_ids.first.end_with?("SALLY")
|
|
|
|
block_filtered = @all_basic.where { last_used_days_ago && (last_used_days_ago < 2) }
|
|
assert_equal(1, block_filtered.entries.count)
|
|
assert block_filtered.access_key_ids.first.end_with?("ROBIN")
|
|
end
|
|
|
|
def test_property_last_used_hours_ago
|
|
assert_kind_of(NilClass, @all_basic.entries[0].last_used_hours_ago)
|
|
assert_kind_of(Integer, @all_basic.entries[1].last_used_hours_ago)
|
|
|
|
arg_filtered = @all_basic.where(last_used_hours_ago: 102)
|
|
assert_equal(1, arg_filtered.entries.count)
|
|
assert arg_filtered.access_key_ids.first.end_with?("SALLY")
|
|
|
|
block_filtered = @all_basic.where { last_used_hours_ago && (last_used_hours_ago < 10) }
|
|
assert_equal(1, block_filtered.entries.count)
|
|
assert block_filtered.access_key_ids.first.end_with?("ROBIN")
|
|
end
|
|
|
|
#-----------------------------------------------------------#
|
|
# ever_used / never_used #
|
|
#-----------------------------------------------------------#
|
|
def test_property_ever_used
|
|
assert_kind_of(FalseClass, @all_basic.entries[0].ever_used)
|
|
assert_kind_of(TrueClass, @all_basic.entries[1].ever_used)
|
|
|
|
arg_filtered = @all_basic.where(ever_used: true)
|
|
assert_equal(2, arg_filtered.entries.count)
|
|
|
|
block_filtered = @all_basic.where { ever_used }
|
|
assert_equal(2, block_filtered.entries.count)
|
|
assert block_filtered.access_key_ids.first.end_with?("SALLY")
|
|
end
|
|
|
|
def test_property_never_used
|
|
assert_kind_of(TrueClass, @all_basic.entries[0].never_used)
|
|
assert_kind_of(FalseClass, @all_basic.entries[1].never_used)
|
|
|
|
arg_filtered = @all_basic.where(never_used: true)
|
|
assert_equal(1, arg_filtered.entries.count)
|
|
|
|
block_filtered = @all_basic.where { never_used }
|
|
assert_equal(1, block_filtered.entries.count)
|
|
assert block_filtered.access_key_ids.first.end_with?("BOB")
|
|
end
|
|
|
|
#----------------------------------------------------------#
|
|
# user_created_date #
|
|
#----------------------------------------------------------#
|
|
def test_property_user_created_date
|
|
assert_kind_of(DateTime, @all_basic.entries.first.user_created_date)
|
|
arg_filtered = @all_basic.where(user_created_date: DateTime.parse("2017-10-21T17:58:00Z"))
|
|
assert_equal(1, arg_filtered.entries.count)
|
|
assert arg_filtered.access_key_ids.first.end_with?("SALLY")
|
|
|
|
block_filtered = @all_basic.where { user_created_date.saturday? }
|
|
assert_equal(1, block_filtered.entries.count)
|
|
assert block_filtered.access_key_ids.first.end_with?("SALLY")
|
|
end
|
|
end
|
|
#==========================================================#
|
|
# Mock Support Classes #
|
|
#==========================================================#
|
|
|
|
# MAKP = MockAccessKeyProvider. Abbreviation not used
|
|
# outside this file.
|
|
|
|
class AlwaysEmptyMAKP < AwsBackendBase
|
|
def fetch(_filter_criteria)
|
|
[]
|
|
end
|
|
end
|
|
|
|
class BasicMAKP < AwsBackendBase
|
|
def fetch(_filter_criteria)
|
|
[
|
|
{
|
|
username: "bob",
|
|
access_key_id: "AKIA1234567890123BOB",
|
|
id: "AKIA1234567890123BOB",
|
|
create_date: DateTime.parse("2017-10-27T17:58:00Z"),
|
|
created_days_ago: 4,
|
|
created_hours_ago: 102,
|
|
created_with_user: true,
|
|
status: "Active",
|
|
active: true,
|
|
inactive: false,
|
|
last_used_date: nil,
|
|
last_used_days_ago: nil,
|
|
last_used_hours_ago: nil,
|
|
ever_used: false,
|
|
never_used: true,
|
|
user_created_date: DateTime.parse("2017-10-27T17:58:00Z"),
|
|
},
|
|
{
|
|
username: "sally",
|
|
access_key_id: "AKIA12345678901SALLY",
|
|
id: "AKIA12345678901SALLY",
|
|
create_date: DateTime.parse("2017-10-22T17:58:00Z"),
|
|
created_days_ago: 9,
|
|
created_hours_ago: 222,
|
|
created_with_user: false,
|
|
status: "Active",
|
|
active: true,
|
|
inactive: false,
|
|
last_used_date: DateTime.parse("2017-10-27T17:58:00Z"),
|
|
last_used_days_ago: 4,
|
|
last_used_hours_ago: 102,
|
|
ever_used: true,
|
|
never_used: false,
|
|
user_created_date: DateTime.parse("2017-10-21T17:58:00Z"),
|
|
},
|
|
{
|
|
username: "robin",
|
|
access_key_id: "AKIA12345678901ROBIN",
|
|
id: "AKIA12345678901ROBIN",
|
|
create_date: DateTime.parse("2017-10-31T17:58:00Z"),
|
|
created_days_ago: 1,
|
|
created_hours_ago: 12,
|
|
created_with_user: true,
|
|
status: "Inactive",
|
|
active: false,
|
|
inactive: true,
|
|
last_used_date: DateTime.parse("2017-10-31T20:58:00Z"),
|
|
last_used_days_ago: 0,
|
|
last_used_hours_ago: 5,
|
|
ever_used: true,
|
|
never_used: false,
|
|
user_created_date: DateTime.parse("2017-10-31T17:58:00Z"),
|
|
},
|
|
]
|
|
end
|
|
end
|