mirror of
https://github.com/inspec/inspec
synced 2024-11-24 05:33:17 +00:00
a33146f9a4
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
89 lines
2.6 KiB
Ruby
89 lines
2.6 KiB
Ruby
class AwsEc2SecurityGroup < Inspec.resource(1)
|
|
name 'aws_ec2_security_group'
|
|
desc 'Verifies settings for an individual AWS Security Group.'
|
|
example '
|
|
describe aws_ec2_security_group("sg-12345678") do
|
|
it { should exist }
|
|
end
|
|
'
|
|
|
|
include AwsResourceMixin
|
|
attr_reader :description, :group_id, :group_name, :vpc_id
|
|
|
|
def to_s
|
|
'EC2 Security Group'
|
|
end
|
|
|
|
private
|
|
|
|
def validate_params(raw_params)
|
|
recognized_params = check_resource_param_names(
|
|
raw_params: raw_params,
|
|
allowed_params: [:id, :group_id, :group_name, :vpc_id],
|
|
allowed_scalar_name: :group_id,
|
|
allowed_scalar_type: String,
|
|
)
|
|
|
|
# id is an alias for group_id
|
|
recognized_params[:group_id] = recognized_params.delete(:id) if recognized_params.key?(:id)
|
|
|
|
if recognized_params.key?(:group_id) && recognized_params[:group_id] !~ /^sg\-[0-9a-f]{8}/
|
|
raise ArgumentError, 'aws_ec2_security_group security group ID must be in the format "sg-" followed by 8 hexadecimal characters.'
|
|
end
|
|
|
|
if recognized_params.key?(:vpc_id) && recognized_params[:vpc_id] !~ /^vpc\-[0-9a-f]{8}/
|
|
raise ArgumentError, 'aws_ec2_security_group VPC ID must be in the format "vpc-" followed by 8 hexadecimal characters.'
|
|
end
|
|
|
|
validated_params = recognized_params
|
|
|
|
if validated_params.empty?
|
|
raise ArgumentError, 'You must provide parameters to aws_ec2_security_group, such as group_name, group_id, or vpc_id.g_group.'
|
|
end
|
|
validated_params
|
|
end
|
|
|
|
def fetch_from_aws
|
|
backend = AwsEc2SecurityGroup::BackendFactory.create
|
|
|
|
# Transform into filter format expected by AWS
|
|
filters = []
|
|
[
|
|
:description,
|
|
:group_id,
|
|
:group_name,
|
|
:vpc_id,
|
|
].each do |criterion_name|
|
|
val = instance_variable_get("@#{criterion_name}".to_sym)
|
|
next if val.nil?
|
|
filters.push(
|
|
{
|
|
name: criterion_name.to_s.tr('_', '-'),
|
|
values: [val],
|
|
},
|
|
)
|
|
end
|
|
dsg_response = backend.describe_security_groups(filters: filters)
|
|
|
|
if dsg_response.security_groups.empty?
|
|
@exists = false
|
|
return
|
|
end
|
|
|
|
@exists = true
|
|
@description = dsg_response.security_groups[0].description
|
|
@group_id = dsg_response.security_groups[0].group_id
|
|
@group_name = dsg_response.security_groups[0].group_name
|
|
@vpc_id = dsg_response.security_groups[0].vpc_id
|
|
end
|
|
|
|
class Backend
|
|
class AwsClientApi < Backend
|
|
AwsEc2SecurityGroup::BackendFactory.set_default_backend self
|
|
|
|
def describe_security_groups(query)
|
|
AWSConnection.new.ec2_client.describe_security_groups(query)
|
|
end
|
|
end
|
|
end
|
|
end
|