mirror of
https://github.com/inspec/inspec
synced 2024-11-24 05:33:17 +00:00
2955aabf7f
* Standardize requires in unit tests Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Standardize requires in resources Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Move AWS connection hook into non-resource library area Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Add an AWS resource mixin, pushing constructor out to it Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Push resource param name recognition into mixin Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Push exists predicate up to mixin Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Rename base.rb to be resource_mixin for clarity Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Separate the backend from its factory, and push it out into a class mixin Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Push BackendFactory up into the resource mixin Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * De-linting Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Remove aws_conn require from LMF and CloudWatch Alarm filters Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Use resource mixin for Cloudwatch Alarm Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Rework LMF to use the resource mixin Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Rubocop. Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Remove SDK load from connection.rb; that happens in aws.rb now Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Mixin should default to allowing empty resource params Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Update LMF to enforce params being required Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
# author: Viktor Yakovlyev
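# InSpec resource exposing the AWS account-wide IAM password policy so that
# compliance controls can assert on its individual settings.
#
# A missing policy is represented by @policy being nil (see #initialize).
# Controls should assert `it { should exist }` before reading any property:
# every property reader raises a descriptive error when no policy is present
# instead of failing with an opaque NoMethodError on nil.
class AwsIamPasswordPolicy < Inspec.resource(1)
  name 'aws_iam_password_policy'
  desc 'Verifies iam password policy'

  example "
    describe aws_iam_password_policy do
      its('requires_lowercase_characters?') { should be true }
    end

    describe aws_iam_password_policy do
      its('requires_uppercase_characters?') { should be true }
    end
  "

  # Looks up the account password policy through the supplied connection.
  #
  # @param conn connection object responding to #iam_resource; defaults to a
  #   fresh AWSConnection
  #
  # NOTE(review): if iam_resource hands back a lazily-loaded SDK resource
  # object, NoSuchEntity may only surface on the first attribute read rather
  # than here, in which case this rescue never fires and #exists? reports
  # true for an account without a policy - confirm against the SDK in use.
  def initialize(conn = AWSConnection.new)
    @policy = conn.iam_resource.account_password_policy
  rescue Aws::IAM::Errors::NoSuchEntity
    @policy = nil
  end

  # @return [Boolean] true when a policy object was obtained in #initialize
  def exists?
    !@policy.nil?
  end

  # @return the policy's require_lowercase_characters attribute
  # @raise [RuntimeError] when the account has no password policy
  def requires_lowercase_characters?
    existing_policy.require_lowercase_characters
  end

  # @return the policy's require_uppercase_characters attribute
  # @raise [RuntimeError] when the account has no password policy
  def requires_uppercase_characters?
    existing_policy.require_uppercase_characters
  end

  # @return the policy's minimum_password_length attribute
  # @raise [RuntimeError] when the account has no password policy
  def minimum_password_length
    existing_policy.minimum_password_length
  end

  # @return the policy's require_numbers attribute
  # @raise [RuntimeError] when the account has no password policy
  def requires_numbers?
    existing_policy.require_numbers
  end

  # @return the policy's require_symbols attribute
  # @raise [RuntimeError] when the account has no password policy
  def requires_symbols?
    existing_policy.require_symbols
  end

  # @return the policy's allow_users_to_change_password attribute
  # @raise [RuntimeError] when the account has no password policy
  def allows_users_to_change_password?
    existing_policy.allow_users_to_change_password
  end

  # @return the policy's expire_passwords attribute
  # @raise [RuntimeError] when the account has no password policy
  def expires_passwords?
    existing_policy.expire_passwords
  end

  # @return the policy's max_password_age attribute
  # @raise [RuntimeError] when the account has no password policy, or when
  #   the policy does not expire passwords
  def max_password_age
    raise 'this policy does not expire passwords' unless expires_passwords?
    existing_policy.max_password_age
  end

  # @return [Boolean] true when the policy's password_reuse_prevention
  #   attribute is set (non-nil)
  # @raise [RuntimeError] when the account has no password policy
  def prevents_password_reuse?
    !existing_policy.password_reuse_prevention.nil?
  end

  # @return the policy's password_reuse_prevention attribute
  # @raise [RuntimeError] when the account has no password policy, or when
  #   the policy does not prevent password reuse
  def number_of_passwords_to_remember
    raise 'this policy does not prevent password reuse' \
      unless prevents_password_reuse?
    existing_policy.password_reuse_prevention
  end

  # @return [String] fixed label for this resource
  def to_s
    'IAM Password-Policy'
  end

  private

  # Returns the loaded policy, or raises a clear error when #initialize
  # recorded that the account has none. Centralising the guard keeps every
  # property reader from dereferencing nil.
  def existing_policy
    raise 'this account does not have an IAM password policy' unless exists?
    @policy
  end
end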