* Initial commit of skeletal resource aws_kms_key * * Adds comments to rerun travis * * Clarifies some parts of the doc. * Changes matcher have_aws_key_manager to manged_by_aws * Fixes copypasta * Adds clarification to property names * Fixes rescueing exceptions from the api * raises exceptions in the unit tests Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
require 'helper'
# MAKKSB = MockAwsKmsKeyBackend
# Abbreviation not used outside this file
# Captured once when the file is loaded so that the fixture timestamps in
# MAKKSB::Basic and the expected values in the property tests are derived
# from the same instant.
TIME_NOW = Time.now
#=============================================================================#
# Constructor Tests
#=============================================================================#
# Argument validation of AwsKmsKey.new.
#
# The MAKKSB::Empty backend is selected, so every describe_key call raises
# NotFoundException; these tests are only about which constructor arguments
# are accepted or rejected.
class AwsKmsKeyConstructorTest < Minitest::Test
  def setup
    AwsKmsKey::BackendFactory.select(MAKKSB::Empty)
  end

  # Constructing the resource with no identifier at all must be refused.
  def test_rejects_empty_params
    assert_raises(ArgumentError) do
      AwsKmsKey.new
    end
  end

  # No explicit assertion: the test passes as long as construction does not raise.
  def test_accepts_key_arn_as_scalar
    AwsKmsKey.new(sample_arn)
  end

  # Same as the scalar form, but with the identifier passed under :key_id.
  def test_accepts_key_arn_as_hash
    AwsKmsKey.new(key_id: sample_arn)
  end

  # Unknown hash keys must be refused rather than silently ignored.
  def test_rejects_unrecognized_params
    assert_raises(ArgumentError) do
      AwsKmsKey.new(invalid: 9)
    end
  end

  private

  # Returns a fresh String on every call so no test shares a mutable literal.
  def sample_arn
    'arn:aws:kms:us-east-1::key/7a6950aa-c8e6-4e51-8afc-111111111111'
  end
end
#=============================================================================#
# Search / Recall
#=============================================================================#
# Lookup behaviour of AwsKmsKey against the MAKKSB::Basic mock backend.
#
# NOTE(review): the mock only ever raises NotFoundException. How the resource
# reports other API failures (for example a permissions error) is not covered
# in this file - worth confirming that such errors are not folded into
# exists? == false, since a compliance check would then read as "no key"
# instead of "could not check".
class AwsKmsKeyRecallTest < Minitest::Test
  def setup
    AwsKmsKey::BackendFactory.select(MAKKSB::Basic)
  end

  # A known ARN passed as a bare string resolves to an existing key.
  def test_search_hit_via_scalar_works
    key = AwsKmsKey.new(known_arn)
    assert key.exists?
  end

  # A known ARN passed under :key_id resolves to an existing key.
  def test_search_hit_via_hash_works
    key = AwsKmsKey.new(key_id: known_arn)
    assert key.exists?
  end

  # The mock raises NotFoundException for this id; the resource is expected
  # to turn that into exists? == false instead of letting it propagate.
  def test_search_miss_is_not_an_exception
    key = AwsKmsKey.new(key_id: 'non-existant')
    refute key.exists?
  end

  private

  # Returns a fresh String on every call so no test shares a mutable literal.
  def known_arn
    'arn:aws:kms:us-east-1::key/7a6950aa-c8e6-4e51-8afc-111111111111'
  end
end
#=============================================================================#
# Properties
#=============================================================================#
# Property accessors of AwsKmsKey, checked against the MAKKSB::Basic fixtures.
#
# Apart from key_id, every property is checked twice: once on the first
# fixture key (expected value taken from the fixture) and once on an id the
# mock does not know, where the property is expected to be nil.
class AwsKmsKeyPropertiesTest < Minitest::Test
  def setup
    AwsKmsKey::BackendFactory.select(MAKKSB::Basic)
  end

  # key_id is the bare id even though the resource was looked up by ARN.
  def test_property_key_id
    expected_id = '7a6950aa-c8e6-4e51-8afc-111111111111'
    assert_equal(expected_id, known_key.key_id)
  end

  def test_property_arn
    expected_arn = 'arn:aws:kms:us-east-1::key/7a6950aa-c8e6-4e51-8afc-111111111111'
    assert_equal(expected_arn, known_key.arn)
    assert_nil(unknown_key.arn)
  end

  # The fixture key was "created" ten days before TIME_NOW.
  def test_property_creation_date
    ten_days_earlier = TIME_NOW - 10 * 24 * 3600
    assert_equal(ten_days_earlier, known_key.creation_date)
    assert_nil(unknown_key.creation_date)
  end

  def test_property_key_usage
    assert_equal('ENCRYPT_DECRYPT', known_key.key_usage)
    assert_nil(unknown_key.key_usage)
  end

  def test_property_key_state
    assert_equal('Enabled', known_key.key_state)
    assert_nil(unknown_key.key_state)
  end

  def test_property_description
    assert_equal('test-key-1-desc', known_key.description)
    assert_nil(unknown_key.description)
  end

  # The expected value equals the fixture's deletion_date field
  # (ten days after TIME_NOW).
  def test_property_deletion_time
    ten_days_later = TIME_NOW + 10 * 24 * 3600
    assert_equal(ten_days_later, known_key.deletion_time)
    assert_nil(unknown_key.deletion_time)
  end

  # The first fixture key has valid_to: nil, so nil is expected on both the
  # hit and the miss.
  def test_property_invalidation_time
    assert_nil(known_key.invalidation_time)
    assert_nil(unknown_key.invalidation_time)
  end

  # NOTE(review): presumably derived from creation_date relative to the
  # current time inside the resource - confirm against the implementation.
  def test_property_created_days_ago
    assert_equal(10, known_key.created_days_ago)
    assert_nil(unknown_key.created_days_ago)
  end

  private

  # Fresh resource for the first fixture key, addressed by its ARN.
  def known_key
    AwsKmsKey.new('arn:aws:kms:us-east-1::key/7a6950aa-c8e6-4e51-8afc-111111111111')
  end

  # Fresh resource for an id that the mock backend does not know.
  def unknown_key
    AwsKmsKey.new(key_id: 'non-existant')
  end
end
#=============================================================================#
# Matchers
#=============================================================================#
# Boolean matchers of AwsKmsKey, checked against the MAKKSB::Basic fixtures.
#
# Each matcher gets one positive and one negative case. The two fixture keys
# are set up as opposites: the first is enabled, rotating, AWS-origin,
# expiring and AWS-managed; the second is disabled, not rotating,
# EXTERNAL-origin, non-expiring and customer-managed.
#
# These run against a mock backend, so they verify how the resource maps API
# fields onto matchers, not what a live KMS endpoint returns.
class AwsKmsKeyMatchersTest < Minitest::Test
  def setup
    AwsKmsKey::BackendFactory.select(MAKKSB::Basic)
  end

  def test_matcher_enabled_positive
    assert first_fixture_key.enabled?
  end

  def test_matcher_enabled_negative
    refute second_fixture_key.enabled?
  end

  def test_matcher_rotation_enabled_positive
    assert first_fixture_key.has_rotation_enabled?
  end

  def test_matcher_rotation_enabled_negative
    refute second_fixture_key.has_rotation_enabled?
  end

  # Note the swap: the second fixture key is the EXTERNAL-origin one.
  def test_matcher_external_positive
    assert second_fixture_key.external?
  end

  def test_matcher_external_negative
    refute first_fixture_key.external?
  end

  def test_matcher_has_key_expiration_positive
    assert first_fixture_key.has_key_expiration?
  end

  def test_matcher_has_key_expiration_negative
    refute second_fixture_key.has_key_expiration?
  end

  # The test name still says has_aws_key_manager; the matcher under test is
  # managed_by_aws?.
  def test_matcher_has_aws_key_manager_positive
    assert first_fixture_key.managed_by_aws?
  end

  def test_matcher_has_aws_key_manager_negative
    refute second_fixture_key.managed_by_aws?
  end

  private

  # Fresh resource for the fixture key whose id ends in 111111111111.
  def first_fixture_key
    AwsKmsKey.new('arn:aws:kms:us-east-1::key/7a6950aa-c8e6-4e51-8afc-111111111111')
  end

  # Fresh resource for the fixture key whose id ends in 222222222222.
  def second_fixture_key
    AwsKmsKey.new('arn:aws:kms:us-east-1::key/7a6950aa-c8e6-4e51-8afc-222222222222')
  end
end
#=============================================================================#
# Test Fixtures
#=============================================================================#
# Mock KMS backends used by the tests in this file (MAKKSB stands for
# MockAwsKmsKeyBackend). Each class answers the API calls the resource makes
# with canned data instead of talking to AWS.
module MAKKSB
  # Backend that knows no keys at all: every describe_key call fails with
  # NotFoundException.
  class Empty < AwsBackendBase
    def describe_key(query)
      raise Aws::KMS::Errors::NotFoundException.new(nil, nil)
    end
  end

  # Backend with two canned keys that are deliberate opposites of each other,
  # so every matcher has one key to pass on and one to fail on.
  class Basic < AwsBackendBase
    # Returns an OpenStruct with key_metadata set to the matching fixture, or
    # raises NotFoundException when nothing matches.
    #
    # Lookup compares query[:key_id] with the fixture ARN only; a bare key id
    # or an alias does not match in this mock.
    def describe_key(query)
      known_keys = [
        # NOTE(review): this record combines fields that the KMS API does not
        # return together for a real key (deletion_date is documented as
        # present only while a key is pending deletion, expiration_model only
        # for EXTERNAL-origin keys). It appears to be arranged so that one key
        # satisfies every positive property and matcher test; do not read it
        # as a realistic sample.
        OpenStruct.new(
          key_id: '7a6950aa-c8e6-4e51-8afc-111111111111',
          arn: 'arn:aws:kms:us-east-1::key/7a6950aa-c8e6-4e51-8afc-111111111111',
          creation_date: TIME_NOW - 10 * 24 * 3600,
          enabled: true,
          description: 'test-key-1-desc',
          key_usage: 'ENCRYPT_DECRYPT',
          key_state: 'Enabled',
          deletion_date: TIME_NOW + 10 * 24 * 3600,
          valid_to: nil,
          origin: 'AWS_KMS',
          expiration_model: 'KEY_MATERIAL_EXPIRES',
          key_manager: 'AWS'
        ),
        # NOTE(review): the reverse mismatch here - key_state is
        # PendingDeletion while deletion_date is nil.
        OpenStruct.new(
          key_id: '7a6950aa-c8e6-4e51-8afc-222222222222',
          arn: 'arn:aws:kms:us-east-1::key/7a6950aa-c8e6-4e51-8afc-222222222222',
          creation_date: TIME_NOW,
          enabled: false,
          description: 'test-key-2-desc',
          key_usage: '',
          key_state: 'PendingDeletion',
          deletion_date: nil,
          valid_to: nil,
          origin: 'EXTERNAL',
          expiration_model: 'KEY_MATERIAL_DOES_NOT_EXPIRE',
          key_manager: 'CUSTOMER'
        )
      ]

      match = known_keys.find { |key| key.arn == query[:key_id] }
      raise Aws::KMS::Errors::NotFoundException.new(nil, nil) if match.nil?

      OpenStruct.new(key_metadata: match)
    end

    # Returns the fixture carrying key_rotation_enabled for the requested key,
    # or raises NotFoundException when nothing matches. As in describe_key,
    # only the ARN is compared with query[:key_id].
    def get_key_rotation_status(query)
      rotation_records = [
        OpenStruct.new(
          arn: 'arn:aws:kms:us-east-1::key/7a6950aa-c8e6-4e51-8afc-111111111111',
          key_rotation_enabled: true
        ),
        OpenStruct.new(
          arn: 'arn:aws:kms:us-east-1::key/7a6950aa-c8e6-4e51-8afc-222222222222',
          key_rotation_enabled: false
        )
      ]

      match = rotation_records.find { |record| record.arn == query[:key_id] }
      raise Aws::KMS::Errors::NotFoundException.new(nil, nil) if match.nil?

      match
    end
  end
end