mirror of
https://github.com/inspec/inspec
synced 2024-12-02 17:40:00 +00:00
6aaab8691c
Includes train aws:// targeting and some new resources Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
255 lines
No EOL
7.9 KiB
Ruby
255 lines
No EOL
7.9 KiB
Ruby
# author: Simon Varlow
|
|
require 'helper'
|
|
|
|
# MAUIB = MockAwsIamUserBackend
|
|
# Abbreviation not used outside this file
|
|
|
|
#=============================================================================#
|
|
# Constructor Tests
|
|
#=============================================================================#
|
|
class AwsIamUserConstructorTest < Minitest::Test
|
|
|
|
def setup
|
|
AwsIamUser::BackendFactory.select(MAIUB::Three)
|
|
end
|
|
|
|
def test_empty_params_throws_exception
|
|
assert_raises(ArgumentError) { AwsIamUser.new }
|
|
end
|
|
|
|
def test_accepts_username_as_scalar
|
|
AwsIamUser.new('erin')
|
|
end
|
|
|
|
def test_accepts_username_as_hash
|
|
AwsIamUser.new(username: 'erin')
|
|
end
|
|
|
|
def test_rejects_unrecognized_params
|
|
assert_raises(ArgumentError) { AwsIamUser.new(shoe_size: 9) }
|
|
end
|
|
end
|
|
|
|
#=============================================================================#
|
|
# Search / Recall
|
|
#=============================================================================#
|
|
class AwsIamUserRecallTest < Minitest::Test
|
|
def setup
|
|
AwsIamUser::BackendFactory.select(MAIUB::Three)
|
|
end
|
|
|
|
def test_search_miss_is_not_an_exception
|
|
user = AwsIamUser.new('tommy')
|
|
refute user.exists?
|
|
end
|
|
|
|
def test_search_hit_via_scalar_works
|
|
user = AwsIamUser.new('erin')
|
|
assert user.exists?
|
|
assert_equal('erin', user.username)
|
|
end
|
|
|
|
def test_search_hit_via_hash_works
|
|
user = AwsIamUser.new(username: 'erin')
|
|
assert user.exists?
|
|
assert_equal('erin', user.username)
|
|
end
|
|
end
|
|
|
|
#=============================================================================#
|
|
# Properties
|
|
#=============================================================================#
|
|
|
|
class AwsIamUserPropertiesTest < Minitest::Test
|
|
def setup
|
|
AwsIamUser::BackendFactory.select(MAIUB::Three)
|
|
end
|
|
|
|
#-----------------------------------------------------#
|
|
# username property
|
|
#-----------------------------------------------------#
|
|
def test_property_username_correct_on_hit
|
|
user = AwsIamUser.new(username: 'erin')
|
|
assert_equal('erin', user.username)
|
|
end
|
|
|
|
#-----------------------------------------------------#
|
|
# has_console_password property and predicate
|
|
#-----------------------------------------------------#
|
|
def test_property_password_positive
|
|
user = AwsIamUser.new(username: 'erin')
|
|
assert_equal(true, user.has_console_password)
|
|
assert_equal(true, user.has_console_password?)
|
|
end
|
|
|
|
def test_property_password_negative
|
|
user = AwsIamUser.new(username: 'leslie')
|
|
assert_equal(false, user.has_console_password)
|
|
assert_equal(false, user.has_console_password?)
|
|
end
|
|
|
|
#-----------------------------------------------------#
|
|
# has_mfa_enabled property and predicate
|
|
#-----------------------------------------------------#
|
|
def test_property_mfa_positive
|
|
user = AwsIamUser.new(username: 'erin')
|
|
assert_equal(true, user.has_mfa_enabled)
|
|
assert_equal(true, user.has_mfa_enabled?)
|
|
end
|
|
|
|
def test_property_mfa_negative
|
|
user = AwsIamUser.new(username: 'leslie')
|
|
assert_equal(false, user.has_mfa_enabled)
|
|
assert_equal(false, user.has_mfa_enabled?)
|
|
end
|
|
|
|
#-----------------------------------------------------#
|
|
# access_keys property
|
|
#-----------------------------------------------------#
|
|
def test_property_access_keys_positive
|
|
keys = AwsIamUser.new(username: 'erin').access_keys
|
|
assert_kind_of(Array, keys)
|
|
assert_equal(keys.length, 2)
|
|
# We don't currently promise that the results
|
|
# will be Inspec resource objects.
|
|
# assert_kind_of(AwsIamAccessKey, keys.first)
|
|
end
|
|
|
|
def test_property_access_keys_negative
|
|
keys = AwsIamUser.new(username: 'leslie').access_keys
|
|
assert_kind_of(Array, keys)
|
|
assert(keys.empty?)
|
|
end
|
|
end
|
|
|
|
#=============================================================================#
|
|
# Test Fixtures
|
|
#=============================================================================#
|
|
|
|
module MAIUB
|
|
class Three < AwsBackendBase
|
|
def get_user(criteria)
|
|
people = {
|
|
'erin' => OpenStruct.new({
|
|
user: OpenStruct.new({
|
|
arn: "arn:aws:iam::123456789012:user/erin",
|
|
create_date: Time.parse("2016-09-21T23:03:13Z"),
|
|
path: "/",
|
|
user_id: "AKIAIOSFODNN7EXAERIN",
|
|
user_name: "erin",
|
|
}),
|
|
}),
|
|
'leslie' => OpenStruct.new({
|
|
user: OpenStruct.new({
|
|
arn: "arn:aws:iam::123456789012:user/leslie",
|
|
create_date: Time.parse("2017-09-21T23:03:13Z"),
|
|
path: "/",
|
|
user_id: "AKIAIOSFODNN7EXAERIN",
|
|
user_name: "leslie",
|
|
}),
|
|
}),
|
|
'jared' => OpenStruct.new({
|
|
user: OpenStruct.new({
|
|
arn: "arn:aws:iam::123456789012:user/jared",
|
|
create_date: Time.parse("2017-09-21T23:03:13Z"),
|
|
path: "/",
|
|
user_id: "AKIAIOSFODNN7EXAERIN",
|
|
user_name: "jared",
|
|
}),
|
|
}),
|
|
}
|
|
raise Aws::IAM::Errors::NoSuchEntity.new(nil, nil) unless people.key?(criteria[:user_name])
|
|
people[criteria[:user_name]]
|
|
end
|
|
|
|
def get_login_profile(criteria)
|
|
# Leslie has no password
|
|
# Jared's is expired
|
|
people = {
|
|
'erin' => OpenStruct.new({
|
|
login_profile: OpenStruct.new({
|
|
user_name: 'erin',
|
|
password_reset_required: false,
|
|
create_date: Time.parse("2016-09-21T23:03:13Z"),
|
|
}),
|
|
}),
|
|
'jared' => OpenStruct.new({
|
|
login_profile: OpenStruct.new({
|
|
user_name: 'jared',
|
|
password_reset_required: true,
|
|
create_date: Time.parse("2017-09-21T23:03:13Z"),
|
|
}),
|
|
}),
|
|
}
|
|
raise Aws::IAM::Errors::NoSuchEntity.new(nil, nil) unless people.key?(criteria[:user_name])
|
|
people[criteria[:user_name]]
|
|
end
|
|
def list_mfa_devices(criteria)
|
|
# Erin has 2, one soft and one hw
|
|
# Leslie has none
|
|
# Jared has one soft
|
|
people = {
|
|
'erin' => OpenStruct.new({
|
|
mfa_devices: [
|
|
OpenStruct.new({
|
|
user_name: 'erin',
|
|
serial_number: 'arn:blahblahblah',
|
|
enable_date: Time.parse("2016-09-21T23:03:13Z"),
|
|
}),
|
|
OpenStruct.new({
|
|
user_name: 'erin',
|
|
serial_number: '1234567890',
|
|
enable_date: Time.parse("2016-09-21T23:03:13Z"),
|
|
}),
|
|
]
|
|
}),
|
|
'leslie' => OpenStruct.new({mfa_devices: []}),
|
|
'jared' => OpenStruct.new({
|
|
mfa_devices: [
|
|
OpenStruct.new({
|
|
user_name: 'jared',
|
|
serial_number: 'arn:blahblahblah',
|
|
enable_date: Time.parse("2016-09-21T23:03:13Z"),
|
|
}),
|
|
]
|
|
}),
|
|
}
|
|
people[criteria[:user_name]]
|
|
end
|
|
def list_access_keys(criteria)
|
|
# Erin has 2
|
|
# Leslie has none
|
|
# Jared has one
|
|
people = {
|
|
'erin' => OpenStruct.new({
|
|
access_key_metadata: [
|
|
OpenStruct.new({
|
|
user_name: 'erin',
|
|
access_key_id: 'AKIA111111111EXAMPLE',
|
|
create_date: Time.parse("2016-09-21T23:03:13Z"),
|
|
status: 'Active',
|
|
}),
|
|
OpenStruct.new({
|
|
user_name: 'erin',
|
|
access_key_id: 'AKIA222222222EXAMPLE',
|
|
create_date: Time.parse("2016-09-21T23:03:13Z"),
|
|
status: 'Active',
|
|
}),
|
|
]
|
|
}),
|
|
'leslie' => OpenStruct.new({access_key_metadata: []}),
|
|
'jared' => OpenStruct.new({
|
|
access_key_metadata: [
|
|
OpenStruct.new({
|
|
user_name: 'jared',
|
|
access_key_id: 'AKIA3333333333EXAMPLE',
|
|
create_date: Time.parse("2017-10-21T23:03:13Z"),
|
|
status: 'Active',
|
|
}),
|
|
]
|
|
}),
|
|
}
|
|
people[criteria[:user_name]]
|
|
end
|
|
end
|
|
end |